firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary public websites (e.g., via the /scrape, /crawl, /map, /search, and /extract endpoints using the "url" or "query" parameters) and returns full page content for AI extraction, exposing the agent to untrusted, user-generated third‑party content that could carry indirect prompt injections.