apify-actor-developer
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary startUrls (see .actor/input_schema.json "startUrls" and examples calling Actor.getInput() and crawler.run(startUrls)/requestHandler) and scrapes content from public/user-provided web pages, so the agent will ingest untrusted third-party content that could carry indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes monetization and billing APIs: pay_per_event.json configuration, instructions to "set up billing details for payouts", and code-level calls that charge users (e.g., Actor.charge({ eventName: 'page-scraped', count: 1 }) and Actor.pushData(..., 'result-saved')). These are specific, built-in payment/charging functions (Pay-Per-Event / Pay-Per-Result) intended to collect fees from users and configure payouts. This is not generic browsing or a generic HTTP caller — it is an explicit platform billing/charging capability that can move money. Therefore it grants direct financial execution authority.