apify-actorization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs actors to fetch and process arbitrary public web content (e.g., "apify run --input '{"startUrl": ...}'" in Step 7, the JS/TS PlaywrightCrawler example in references/js-ts-actorization.md, and the CLI wrapper that reads input via apify actor:get-input in references/cli-actorization.md), so untrusted third-party web content is ingested and can influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Dockerfile in the CLI-based template runs a command that curls and pipes the remote script https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh | sh, which fetches and immediately executes remote code during build/runtime and is used as a required installer for the template.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents monetization and a programmatic billing API: "Charge for events in your code with await Actor.charge('result')". This is a concrete function to trigger charges (move money) via the Apify platform rather than a generic tool. Therefore it provides direct financial execution capability.