firecrawl-interact

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md instructs scraping arbitrary public webpages with "firecrawl scrape """ and then directs the agent to read and interact with that scraped page via natural-language prompts (e.g., "Click the login button"), so untrusted third-party page content can be ingested and directly influence agent actions, enabling indirect prompt injection.