review-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and scripts/scrape_reviews.py explicitly run Apify actors to scrape user-generated, public reviews from Trustpilot, G2, and Capterra and then normalize/filter/return that content for downstream use, so the agent will ingest untrusted third-party text that could contain instruction-like content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script calls the Apify runtime API (https://api.apify.com/v2, e.g. POST to https://api.apify.com/v2/acts/{actor_id}/runs for actor IDs like zen-studio~g2-reviews-scraper) at runtime to start third‑party Apify actors (remote code execution) and the skill depends on those runs to produce its results.