apify-market-research
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill instructs the agent to read the APIFY_TOKEN from a .env file using grep and export it into the environment. This practice exposes sensitive credentials to the process environment and potentially to system logs.
- COMMAND_EXECUTION (HIGH): The workflow utilizes shell commands where variables such as ACTOR_ID and JSON_INPUT are directly interpolated into bash strings. This is a classic command injection vulnerability if the values (which could be sourced from external Actor schemas) contain shell metacharacters.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the global installation of @apify/mcpc and communicates with mcp.apify.com. These are not included in the Trusted External Sources list, making the dependency unverifiable.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. (1) Ingestion points: The skill extracts data from third-party platforms including Google Maps, Facebook, Instagram, and TripAdvisor. (2) Boundary markers: Absent; there are no instructions to ignore embedded commands in the extracted data. (3) Capability inventory: The agent can execute shell commands via mcpc and node, and has file-write capabilities for CSV/JSON exports. (4) Sanitization: None; the extracted external content is processed and summarized without validation.
Recommendations
- AI detected serious security threats