unclawg-discover

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from open third-party sources (e.g., Reddit, Hacker News, Twitter/X, LinkedIn, TikTok, Instagram, YouTube) via the Phase 3 "Run Discovery" flow and scripts like scripts/search_reddit.sh, scripts/search_twitter.sh, and scripts/search_linkedin.sh, and that content is parsed and used to score candidates and drive reply_strategy/handoff decisions, so untrusted posts could indirectly inject instructions that change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes Apify actor endpoints at runtime (e.g. https://api.apify.com/v2/acts/api-ninja~x-twitter-advanced-search/runs?token=... and other https://api.apify.com/v2/acts/... URLs), which start remote scraper actors (i.e., execute remote code) and the scripts require APIFY_API_KEY, so this is a required runtime dependency that executes remote code.