apify-market-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs Apify actors that scrape open/public third-party sources listed in SKILL.md (e.g., Google Maps, Facebook, Instagram, Booking.com, TripAdvisor) and reference/scripts/run_actor.js then downloads dataset items from the Apify API (https://api.apify.com/…/datasets/{datasetId}/items) and displays/summarizes those results, so untrusted/user-generated content is ingested and directly influences the agent's outputs and next actions.