firecrawl-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests arbitrary public web content (e.g., the /v2/scrape, /v2/crawl, /search, /extract, /agent and batch endpoints and the Cloudflare Worker templates that accept user-provided URLs) and therefore will read and interpret untrusted, user-generated or third‑party web pages as part of its runtime workflow, enabling indirect prompt injection.