firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary public web content (e.g., via commands like "firecrawl scrape https://example.com" and "firecrawl search ... --scrape") and directs the agent to read and interpret scraped pages and search results from open third-party sites, which exposes it to untrusted, user-generated content that could carry indirect prompt injections.