firecrawl-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly supports web searching and full-page scraping of arbitrary search results (see the description and the --scrape option / "Returns search results with optional full-page markdown"), which ingests untrusted public web content that the agent would read and could influence subsequent actions.