firecrawl-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly scrapes and ingests arbitrary public websites (e.g., SKILL.md and README examples using app.scrape_url/app.crawl_url and the Cloudflare Workers example that accepts a user-provided "url" and calls https://api.firecrawl.dev/v2/scrape), which are untrusted third‑party pages that the agent will read and interpret as part of its workflow, enabling indirect prompt injection.