apify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill instructs the agent to run Apify Actors on arbitrary public startUrls (examples include news.ycombinator.com, Instagram, Amazon) and to fetch scraped results via the API (e.g., GET /v2/datasets/{datasetId}/items), so it ingests untrusted third‑party web content that could contain instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). Yes — the skill makes runtime API calls to Apify (e.g., https://api.apify.com/v2/acts/apify~web-scraper/runs) which trigger execution of remote Actors (remote code) and the skill depends on those endpoints to operate, so this is a required external runtime dependency that executes remote code.