firecrawl-build-scrape

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires using Firecrawl's /scrape to fetch and extract content from provided URLs (public web pages) for downstream LLM/indexing tasks—meaning the agent ingests untrusted third-party page content (HTML/markdown/links) that it will read and act on, exposing it to indirect prompt injection.