review-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script and SKILL.md explicitly run Apify actors and fetch dataset items from public review sites (G2, Capterra, Trustpilot) via the Apify API (see scripts/scrape_reviews.py run_apify_actor and SKILL.md examples), ingesting untrusted, user-generated review content that the agent reads, filters, normalizes, and uses to produce outputs—meeting all criteria for indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls the Apify API (https://api.apify.com/v2, e.g. POST https://api.apify.com/v2/acts/{actor_id}/runs) to start third-party Apify actors (zen-studiog2-reviews-scraper, imadjourneycapterra-reviews-scraper, agents~trustpilot-reviews), which executes remote code and is required for the skill to operate.