Apify HN Scraper

The skill facilitates Hacker News scraping via the Apify API but contains vulnerabilities in the SKILL.md command templates. Specifically, it passes the sensitive APIFY_TOKEN within the URL query string and lacks input sanitization for the TERM placeholder in curl commands, which could lead to credential exposure in logs or shell injection if user input is not properly escaped by the AI agent. The Actor ID 0UDODOnpTkxY3Oc90 is a legitimate Apify actor, suggesting the flaws are unintentional rather than malicious.