The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install the '@apify/mcpc' package globally. This is an external dependency that is not managed by the skill itself.
COMMAND_EXECUTION (MEDIUM): The workflow executes a local script at '${CLAUDE_PLUGIN_ROOT}/reference/scripts/run_actor.js'. Because the script body is not provided in the skill definition, its execution logic and safety cannot be verified.
CREDENTIALS_UNSAFE (LOW): The skill processes 'APIFY_TOKEN' from a local '.env' file. While environment variable usage is standard, extracting them via shell commands (grep/xargs) increases visibility of the secret in process lists.
PROMPT_INJECTION (LOW): This skill has an indirect prompt injection surface. It fetches dynamic schemas and data from the Apify platform (Step 2 and Step 5). Malicious content scraped from social media or provided in actor descriptions could influence the agent's behavior or summaries without proper sanitization.

apify-audience-analysis