apify-actorization

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly runs web crawlers on arbitrary startUrl input (see "apify run --input '{"startUrl": ...}'" in SKILL.md and the PlaywrightCrawler examples in references/js-ts-actorization.md and references/python-actorization.md), which causes the agent to fetch and interpret untrusted public web pages whose content can influence processing and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill documentation explicitly describes monetization and a programmatic charge API: "Pay Per Event (PPE)" and the example "Charge for events in your code with await Actor.charge('result')". That is a specific API/function to perform a charge (move money) rather than a generic tool (browser, HTTP, or CLI). Because it contains an explicit "charge" operation for billing users, it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 08:44 AM