web-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Research Strategy and MCP Tools explicitly require using Perplexity and Firecrawl MCPs to search and scrape specific URLs (e.g., "Use Firecrawl MCP to scrape specific documentation pages" and mcp__firecrawl__firecrawl_scrape), so the agent fetches and ingests open/public third‑party content that it must read and that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes a runtime scraper (mcp__firecrawl__firecrawl_scrape) that fetches and injects the contents of arbitrary external URLs (e.g., https://... targets provided at runtime), meaning fetched pages can directly control the agent's context/prompts.