apify-ecommerce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflows (e.g., Workflow 1 Products & Pricing, Workflow 2 Customer Reviews, Workflow 3 Seller Intelligence) and the run_actor.js script explicitly run Apify scraping actors against public marketplaces and Google Shopping and then download/display the scraped product pages and user-generated reviews (via downloadResults/displayQuickAnswer), so the agent ingests untrusted third‑party web content which is then read and used to generate summaries/decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime posts to the Apify API (e.g., https://api.apify.com/v2/acts/{author~actor}/runs?token=...) to start the apify/e-commerce-scraping-tool actor, meaning it executes remote code on Apify that the skill requires to function.