firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes and ingests arbitrary public web content (e.g., SKILL.md and README show commands like "firecrawl scrape URL", "firecrawl search --scrape", the agent API in references/firecrawl-agent-api.md, interact flows in references/interact-reference.md, the deepwiki.sh script fetching deepwiki.com GitHub pages, and a Jina fallback for Twitter/X), and that untrusted, user-generated third‑party content is fed into LLM-powered agent/extract/interact workflows that can drive further actions—creating a clear avenue for indirect prompt injection.