apify-lead-generation
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches actor schemas from mcp.apify.com (SKILL.md Step 2, using mcpc) and runs Apify actors that retrieve and then download dataset items from https://api.apify.com (see downloadResults and displayQuickAnswer in reference/scripts/run_actor.js). As part of its workflow it therefore ingests arbitrary, user-generated third-party content (scraped web/social data), which could contain instructions that influence subsequent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). This skill invokes the Apify API at https://api.apify.com/v2/acts/{actorId}/runs?token=... (and related dataset endpoints https://api.apify.com/v2/datasets/...) at runtime to start actor runs and fetch results, which triggers remote code execution on Apify and is required for the skill to function.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).