firecrawl-map

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly describes crawling and discovering URLs on arbitrary websites (e.g., "Discover URLs on a site", example commands like firecrawl map "<url>" and "map https://docs.example.com"), so the skill fetches and parses open/public third‑party pages whose content can influence which pages are scraped or crawled next, enabling indirect prompt injection.