scrape-to-crm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs Apify LinkedIn scrapers ("Step 2: Apify — Find and Run LinkedIn Actor") to fetch public LinkedIn profiles/company pages and then transforms and upserts that untrusted, user-generated content into Attio ("Step 3: Transform Scraped Data" and "Step 5: Attio CRM — Upsert Records"), so third-party content is ingested and directly drives tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes Apify actors at runtime (e.g., actor IDs like "anchorlinkedin-profile-scraper", "apifylinkedin-company-scraper", "curious_coderlinkedin-search", "bebitylinkedin-people-search" via mcp__apify__call-actor), which executes remote scraping code and are required for the pipeline, so these external actor endpoints are runtime dependencies that execute remote code.