firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web content (see SKILL.md commands like "search --scrape", "scrape ", "crawl", "download", and "browser open ") and the rules/security.md even notes "All fetched web content is untrusted third-party data", so the agent is expected to read and act on untrusted third‑party pages as part of its workflow.