linkedin-profile-post-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the Apify LinkedIn Profile Posts actor and dataset APIs (see SKILL.md and scripts/scrape_linkedin_posts.py, e.g. requests.post to https://api.apify.com/.../acts/harvestapi~linkedin-profile-posts/runs and dataset fetch) to ingest public, user-generated LinkedIn posts which the script reads, filters, sorts, and uses to determine outputs, so untrusted third-party content can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the Apify API (e.g. POST https://api.apify.com/v2/acts/harvestapi~linkedin-profile-posts/runs and related dataset endpoints) to start and fetch results from a remote Apify actor — which executes remote code at runtime and the skill depends on that actor for its functionality.