firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests open web content via commands like "firecrawl scrape "" -o .firecrawl/page.md" and "firecrawl crawl/search/browser" (see SKILL.md), and its workflow instructs the agent to read those .firecrawl output files (Reading Output Files) so untrusted third-party page content could indirectly inject instructions that influence subsequent actions.