apify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill runs web-scraping Actors that accept arbitrary startUrls and returns dataset items (e.g., /v2/acts/... with startUrls and /v2/datasets/{datasetId}/items), and explicitly includes scrapers for social media and public sites (Instagram, Twitter, Google Search, forums), so it ingests untrusted third‑party/user‑generated content that the agent is expected to read.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime requests to https://api.apify.com (e.g. POST to /v2/acts/... and run-sync endpoints) with user-supplied pageFunction payloads that are executed as Actors on Apify, so the external API executes remote code at runtime.