firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary public web pages and user-provided URLs via the Firecrawl CLI (see SKILL.md commands like firecrawl scrape "<url>" and the Workflow) and rules/security.md explicitly treats fetched web content as "untrusted third-party data," meaning the agent will ingest external content that could contain indirect prompt injections.