apify-content-analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs Apify scrapers for public social platforms (e.g., apify/instagram-, apify/facebook-, clockworks/tiktok-scraper, streamers/youtube-scraper) and then fetches and reads result items from the Apify dataset API (https://api.apify.com/v2/datasets/…/items) in displayQuickAnswer/downloadResults and uses those items to produce summaries, so untrusted, user-generated third-party content is directly ingested and can influence agent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code calls Apify APIs (e.g., POST to https://api.apify.com/v2/acts/{author~actor}/runs?token=...) to start remote Apify actors (thereby executing remote code) and later fetches dataset results, and the skill requires these external actor runs to function.