apify-actorization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs actors to crawl and ingest arbitrary public websites (e.g., SKILL.md Step 8 test input with "startUrl" and references/js-ts-actorization.md showing a PlaywrightCrawler that reads page content and pushes results, plus links to Instagram/Google Maps scrapers), which are untrusted, user-generated third‑party sources that the agent is expected to read and that can materially influence processing.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The CLI-based Dockerfile example in references/cli-actorization.md runs curl --location https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh | sh, which fetches and executes remote code during the image build (a setup step included in the provided template), so it is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is primarily about packaging code as Apify Actors, but it includes an explicit monetization API call: "Charge for events in your code with await Actor.charge('result')". That is a specific function to trigger charges/payments rather than a generic tool (e.g., browser automation or generic HTTP). Because it exposes a direct API to charge users (move money), it qualifies as Direct Financial Execution capability.