firecrawl-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and fc.py clearly show the skill scrapes, searches, screenshots, extracts, maps, and crawls arbitrary public URLs (e.g., fc.py cmd_markdown, cmd_extract, cmd_search, cmd_crawl) so the agent will read and act on untrusted third‑party web content which could embed malicious instructions.