product-hunt-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs an Apify actor (via run_apify_actor calling the Gooseworks/Apify proxy for danpoletaev~product-hunt-scraper) to fetch Product Hunt dataset items (public, user-generated product names/taglines/descriptions) and directly ingests and filters that content as part of its required workflow, exposing the agent to untrusted third‑party content that could carry injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The script makes runtime calls to the Gooseworks Apify proxy (e.g. https://app.gooseworks.ai/v1/proxy/apify) to start and poll an Apify actor (danpoletaev~product-hunt-scraper), which causes remote code to execute and is required for the skill to work.