apify-actor-development

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill provides clear security guidance for managing the APIFY_TOKEN, specifically recommending the use of environment variables and scoped tokens while warning against passing secrets via command-line arguments.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the Apify CLI via trusted package managers (npm, brew) and includes an explicit security warning against insecure patterns like piping remote scripts to a shell (curl | bash).
  • [PROMPT_INJECTION]: The skill correctly identifies the risk of indirect prompt injection from crawled web content, providing mandatory rules for sanitizing data and treating external content as untrusted input.
  • [COMMAND_EXECUTION]: Best practices in the skill explicitly forbid passing raw scraped content to shell commands, eval(), or code-generation functions, mitigating potential injection vulnerabilities.
  • [REMOTE_CODE_EXECUTION]: The skill encourages the use of lockfiles (package-lock.json) and version pinning in requirements.txt to ensure reproducible and integrity-checked builds, reducing supply-chain risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 09:35 PM
Security Audit — agent-trust-hub — apify-actor-development