apify-actorization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions (SKILL.md Step 7: "apify run --input '{"startUrl": ...}'") and the JS/TS example in references/js-ts-actorization.md (PlaywrightCrawler running on input.startUrl) explicitly direct the agent to fetch and process arbitrary public web pages (user-supplied startUrl), which are untrusted third-party content that can materially influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The example Dockerfile in references/cli-actorization.md includes a runtime build step that runs curl --location https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh | sh, which fetches and immediately executes remote code as part of the required image setup.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents monetization and a payment-related API: it shows how to monetize actors (Pay Per Event, Rental) and gives a concrete function call to charge for events ("await Actor.charge('result')"). That is an explicit API to initiate charges/payments, i.e., a direct financial execution capability.