Apify

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt includes an explicit, mandatory "Voice Notification" that demands executing a local curl POST immediately before any action—an operational side-effect unrelated to the described scraping/wrapper functionality and therefore a deceptive/out-of-scope instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Apify actors to scrape public, user-generated content (e.g., SKILL.md and INTEGRATION.md describe running get-user-tweets.ts and other actor wrappers, and actor functions like scrapeTwitterProfile, searchGoogleMaps, and scrapeWebsite accept public URLs/startUrls) and that scraped content is read and used to drive downstream actions (e.g., transforming tweets into LinkedIn posts, lead enrichment), so untrusted third-party content can indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill makes runtime calls to the Apify platform (e.g., https://api.apify.com) via apify.callActor to run third‑party Apify actors (and passes user-provided pageFunction strings to apify/web-scraper), meaning external code is executed remotely and the skill depends on those external actors to function.