firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly provides commands that fetch and ingest arbitrary open-web content (e.g., "firecrawl search ... --scrape", "firecrawl scrape ''", "firecrawl crawl ''", and the "browser" and "agent" commands) and rules/security.md itself calls fetched web content "untrusted third-party data", so the agent is expected to read and act on untrusted public web content that could contain indirect prompt injections.