review-site-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs Apify actors to scrape public, user-generated reviews from G2, Capterra, and Trustpilot (see SKILL.md and scripts/scrape_reviews.py), ingesting untrusted third-party content (review text) that the agent normalizes and processes as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The script invokes Apify's API at runtime (BASE_URL defaults to https://api.apify.com/v2 and can use https://api.gooseworks.ai) to start third-party Apify actors (/acts/{actor_id}/runs), which executes remote actor code on those platforms and is a required dependency for the skill.