apify-trend-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs Apify actors that scrape public social media and web sources (e.g., apify/google-trends-scraper, apify/instagram-, clockworks/tiktok-, facebook scrapers listed in SKILL.md) and then downloads and displays those dataset items from the Apify API (https://api.apify.com/v2/datasets/${datasetId}/items), meaning untrusted, user-generated third‑party content is ingested and used to generate summaries and suggested next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime script calls the Apify API (e.g., https://api.apify.com/v2/acts/${apiActorId}/runs?token=...) to start Apify actors, which triggers execution of remote code on Apify and is required for the skill to function.