firecrawl-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scrape arbitrary public URLs via the Firecrawl API endpoints (e.g., POST https://api.firecrawl.dev/v1/scrape, /map, /search, /crawl), returning scraped page content (markdown/html/links) from untrusted third‑party websites which the agent is expected to read and act on as part of its workflows.