pain-language-engagers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 pipeline explicitly scrapes public, user-generated LinkedIn content (keyword searches, company pages, posts, comments, and profiles) using apimaestro/linkedin-posts-search-scraper-no-cookies and harvestapi/linkedin-company-posts / linkedin-profile-scraper, and that scraped text is parsed and used to enrich, classify, filter, and select leads — so untrusted third-party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The pipeline explicitly requires and invokes external Apify actors (apimaestro/linkedin-posts-search-scraper-no-cookies and harvestapi/linkedin-company-posts / harvestapi/linkedin-profile-scraper) via the Apify API (e.g., https://api.apify.com) at runtime, which executes remote code and is a required dependency for the skill.