seo-firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The required workflow uses Firecrawl MCP tools (e.g., firecrawl_crawl, firecrawl_scrape, firecrawl_search) to fetch and extract readable page content from user-supplied URLs at runtime, which is outsider-authored web text injected into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls MCP tools (firecrawl_crawl / firecrawl_scrape) to fetch arbitrary external target URLs at runtime (the parameter) and then feeds the fetched page content into downstream subagents, meaning remote pages can directly influence prompts/behavior—flagging the runtime-fetch of the user-supplied .