firecrawl-scrape

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the tool to scrape arbitrary public URLs or search results via the --url/--search parameters using the Firecrawl MCP, meaning untrusted third-party web content is ingested and can influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches arbitrary external pages at runtime (e.g., the --url parameter such as "https://example.com" or "https://docs.python.org/3/library/asyncio.html") and uses the scraped content to drive the agent's output, so remote content can directly control prompts.