firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs commands that fetch and ingest public web content (e.g., firecrawl scrape "", search --scrape, crawl, browser open , and the agent extraction commands which write/read .firecrawl/ files), and rules/security.md even labels fetched web content as "untrusted third-party data," so the agent is expected to read/interpret arbitrary third‑party pages that could contain indirect prompt injections.