firecrawl-build-interact

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs use of the Firecrawl /interact flow to drive and read web pages ("content appears only after clicks, typing, or navigation", "search forms", "login-gated dashboards or tools"), which requires fetching and interpreting public third-party web content that can materially influence what the agent clicks, fills, or navigates.