firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and processes arbitrary public web content (see SKILL.md commands like "firecrawl scrape ''", "firecrawl search", "firecrawl crawl", "firecrawl browser" and the "agent" command) and rules/security.md even acknowledges fetched web content is "untrusted third-party data", so third‑party pages could inject instructions that influence subsequent tool use.