apify-booking-host-leads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Tier 2/3/4 runtime paths fetch outsider-authored web content (Google Maps results, Google Search snippets/URLs, and scraped third-party websites) and pass the extracted free text (emails/phones/website/contact text) into the agent/LLM context for processing.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls third‑party Apify actors at runtime (e.g., apify/ai-web-scraper and other actor IDs invoked via the Apify API / MCP endpoint https://mcp.apify.com), which execute remote code and in the case of apify/ai-web-scraper accept a prompt string from the skill — and the workflow depends on these actors for required functionality.