apify-generate-output-schema
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or high-risk security issues were detected. The skill's operations—reading source code and writing configuration files—are strictly limited to its intended purpose of assisting Apify developers.
- [COMMAND_EXECUTION]: The skill instructs the agent to search for specific function calls (e.g.,
pushData,setValue) within the codebase. These are standard file-system operations used for pattern matching and do not involve unauthorized command execution or privilege escalation. - [SAFE]: The skill identifies an attack surface for indirect prompt injection as it processes untrusted source code from the repository to derive schema definitions. 1. Ingestion points: The agent reads project source files (
.js,.ts,.py) and configuration files (actor.json). 2. Boundary markers: The instructions do not define explicit delimiters to isolate code content from agent instructions. 3. Capability inventory: The skill has file system read/write access to create schema JSONs and modifyactor.json. 4. Sanitization: The skill analyzes code statically through pattern matching and does not involve the execution of the analyzed content. This behavior is necessary for the tool's primary function and is considered safe in this context.
Audit Metadata