product-hunt-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's script scripts/scrape_producthunt.py runs an Apify actor (maximedupre/product-hunt-scraper) and fetches dataset items from apify.com (or a GooseWorks proxy) containing Product Hunt product name/tagline/description (public, user-generated content) which the agent reads, filters, and uses to drive outputs—therefore it ingests untrusted third-party content that could carry indirect prompt-injection payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill issues runtime API calls to https://api.apify.com/v2 (and, if GOOSEWORKS_API_KEY is set, to https://api.gooseworks.ai/v1/proxy/apify) to start the Apify actor maximedupre~product-hunt-scraper, which executes remote code on a third-party service and is required for the skill to work.