firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes arbitrary public web content (e.g., SKILL.md commands like firecrawl scrape "<url>", firecrawl search, firecrawl map, firecrawl browser "open <url>", and firecrawl agent ... --urls "<url>"), and rules/security.md even notes fetched web content is "untrusted third-party data," so the agent is expected to read/interpret third‑party pages which can influence agent actions.