apify-ultimate-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow runs Apify CLI commands that fetch and return scraped page text/datasets (e.g., apify actors call/start and then apify datasets get-items), which can include outsider-authored free text from public web/social sources into the agent’s LLM context via the JSON results.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes Apify CLI commands at runtime (e.g., fetching actor input/readme and starting actors) which rely on and execute remote Apify Actors on the Apify platform (e.g., https://console.apify.com and Apify Actor IDs like apify/instagram-scraper), so external Apify endpoints are required runtime dependencies that can execute remote code and influence the agent's behavior.