deep-research-firecrawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs open-web retrieval and scraping (e.g., SKILL.md and README: "Use Firecrawl MCP" with firecrawl:firecrawl_search, firecrawl:firecrawl_scrape/map/crawl and reference/methodology.md / research_engine.py instructing WebSearch/WebFetch to collect 15–30+ public URLs), so it clearly ingests untrusted third-party web content that the agent will read and interpret.