apify-financial-news

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Outsider free text from public web pages is ingested into the agent’s LLM context via Step 4/5: Apify actors (e.g., data_xplorer/google-news-scraper-fast, louvre/rss-news-aggregator, rodrigo_pacelli/headline-news-scraper, apify/rag-web-browser, workhard3000/news-intelligence-rag-extractor, stanvanrooy6/universal-ai-web-scraper) fetch third-party articles at runtime, and extract_and_clean.py converts their HTML/text into readable strings that are then returned to the user (and thus into the agent’s LLM context).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime API calls to Apify actor and dataset endpoints (e.g. https://api.apify.com/v2/acts/... and https://api.apify.com/v2/datasets/...) to run remote Apify actors and fetch datasets which execute code on Apify and are required for the pipeline, so these are runtime external dependencies that execute remote code.