firecrawl-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md's "Firecrawl Collection Plan" explicitly instructs the agent to use Firecrawl to search and scrape public web sources (5–25 URLs, including primary and contrarian sources) and the "Final Deliverable" requires citing every URL and synthesizing that scraped content, so the agent will ingest untrusted third‑party web content that can influence its actions.