apify-js-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and parsing public webpages (e.g., the "Basic Link Extraction with Cheerio" example that uses gotScraping on https://warehouse-theme-metal.myshopify.com/collections/sales and the "Web Scraping Workflow" steps), so the skill's workflow requires ingesting and acting on untrusted third-party web content which can influence crawling/enqueueing and other actions.