firecrawl-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests arbitrary open-web content via commands like "firecrawl search", "firecrawl scrape ", and "firecrawl crawl " (and reads scraped output files), which are untrusted third‑party web pages/search results intended to be read by the agent and could carry indirect prompt injections.