apify-lead-generation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The workflow generates bash commands using variables like ACTOR_ID and JSON_INPUT. Without proper sanitization of these inputs, an attacker could potentially execute arbitrary shell commands.
- DATA_EXFILTRATION (MEDIUM): The skill explicitly reads the .env file and uses grep/xargs to extract the APIFY_TOKEN, passing it directly into shell command arguments which may be exposed in process monitors or logs.
- EXTERNAL_DOWNLOADS (MEDIUM): The instructions require the global installation of the @apify/mcpc package. This dependency is not from an organization included in the trusted list and represents an unverified third-party component.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: The skill ingests data from Google Maps, Instagram, TikTok, Facebook, LinkedIn, YouTube, and Google Search. 2. Boundary markers: There are no delimiters or warnings to ignore embedded instructions in the scraped data. 3. Capability inventory: The skill can execute shell commands and write files to the filesystem. 4. Sanitization: No sanitization of external content is performed before the data is processed or displayed to the user.
Audit Metadata