AGENT LAB: SKILLS

apify-brand-reputation-monitoring

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill interpolates user-controlled variables such as 'ACTOR_ID' and 'JSON_INPUT' directly into shell commands in Step 2 and Step 4. Without proper sanitization or escaping, this pattern is highly vulnerable to command injection attacks where a malicious user could execute arbitrary system commands.
  • CREDENTIALS_UNSAFE (MEDIUM): The workflow requires reading the sensitive 'APIFY_TOKEN' from a .env file using shell expansion ('grep' and 'xargs'). This increases the risk of the secret being exposed in process listings, logs, or command history.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions require a global installation of the '@apify/mcpc' npm package. This introduces an external binary dependency that is not version-pinned or managed within the skill's own environment.
  • DATA_EXFILTRATION (LOW): The capability to read local files (like .env) combined with tools that perform network requests (mcpc and the local node scripts) creates a potential path for data exfiltration if the agent is manipulated via prompt injection.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and summarize reviews and comments from external platforms (Google Maps, YouTube, TikTok, etc.).
    1. Ingestion points: External review data from various Actors.
    2. Boundary markers: None provided in the prompts.
    3. Capability inventory: File writing (CSV/JSON), shell command execution.
    4. Sanitization: None specified for the ingested content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:40 PM