firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and scrape arbitrary public webpages (e.g., via the Firecrawl API endpoints /v1/scrape, /v1/search, /v1/crawl) and to read/interpret that content for AI extraction and follow-up actions, exposing it to untrusted third‑party user-generated content that could inject instructions.