firecrawl
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill contains multiple high-risk behaviors—including explicit instructions to capture/API-key entry and automate browser logins, to hide outputs in .gitignore, to always replace built-in web tools, and to run large parallel scrapes—that together enable credential capture, data exfiltration, and potential supply-chain misuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary public web content (e.g., the "firecrawl search 'your query'" and "firecrawl scrape https://example.com" commands and .firecrawl output files), so the agent will ingest and read untrusted third-party web pages as part of its workflow.
Audit Metadata