apify-ai-search-visibility-tracker
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes an installation script, install_cron.sh, which automates the setup of recurring tasks using system schedulers (cron on Linux and launchd on macOS). This script modifies system configuration files to ensure the tracking runner executes on a schedule. Although the script requires user confirmation and uses absolute paths, modifying system persistence mechanisms is a high-privilege operation.
- [DATA_EXFILTRATION]: The run_snapshot.py script transmits data, including search prompts and results from AI search engines, to the Apify API (api.apify.com). It also archives raw data in an Apify Key-Value store. This behavior is documented as a core feature for long-term tracking and history reporting, utilizing the vendor's own infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill orchestrates the execution of remote Apify Actors, specifically apify/google-search-scraper and apify/website-content-crawler. These actors are hosted and maintained by Apify, and their usage is central to the skill's functionality.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, as it processes untrusted data from external AI search engines.
  - Ingestion points: The run_snapshot.py script ingests data from external AI search engines via the apify/google-search-scraper actor output.
  - Boundary markers: No explicit delimiters or boundary markers are used when processing the text returned by AI search engines.
  - Capability inventory: The script has the capability to write local markdown reports and transmit data to the Apify API.
  - Sanitization: The script uses re.escape() to sanitize brand names for matching, but it lacks comprehensive sanitization or filtering of the AI-generated content.
Audit Metadata