Firecrawl Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and processes arbitrary public web content (e.g., via FIRECRAWL_SCRAPE "url", FIRECRAWL_CRAWL_V2 "url", FIRECRAWL_EXTRACT "urls", FIRECRAWL_BATCH_SCRAPE "urls", and FIRECRAWL_MAP_MULTIPLE_URLS_BASED_ON_OPTIONS), so it ingests untrusted third‑party pages as part of its workflow and could enable indirect prompt injection.