firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly includes commands (search, scrape, map, crawl, browser, and the AI-powered agent) that fetch and ingest arbitrary public web pages and search results into .firecrawl/ (and rules/security.md even calls fetched web content "untrusted third-party data"), so it clearly exposes the agent to untrusted third-party content that could carry indirect prompt injection.