scrape-leads
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes public web data via Apify (scripts/scrape_apify.py and scrape_apify_parallel.py) and feeds the scraped company descriptions and keywords into an LLM classifier (scripts/classify_leads_llm.py) and sheet workflows (scripts/read_sheet.py / update_sheet.py). Untrusted third-party content is therefore read and used directly to drive filtering, classification, and subsequent actions (e.g., proceed/stop, which leads are saved), which creates an indirect prompt-injection risk.