firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly sends arbitrary queries and URLs to the Firecrawl API and ingests/searches/scrapes public web content (see SKILL.md and references/api.md) and the runtime scripts (scripts/scrape.py, scripts/crawl.py, scripts/search.py) parse and print returned markdown/HTML, which clearly exposes the agent to untrusted third‑party content that could contain indirect prompt injections.