firecrawl-crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes crawling and bulk-extracting pages from arbitrary websites/URLs ("Bulk extract content from a website", "Crawls pages following links up to a depth/limit"), which clearly ingests untrusted public third‑party web content that the agent is expected to read and could influence subsequent actions.