firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes Firecrawl as a web-scraping tool that "extracts data from websites" and documents using Membrane actions (e.g., membrane action run ...) whose output contains scraped content, so the agent will ingest and act on untrusted public web content returned by those actions.