apify-booking-host-leads
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions to use the "apify actors call" command via the CLI, which executes shell commands to interact with the Apify platform to run various scraping actors.
- [EXTERNAL_DOWNLOADS]: The workflow relies on calling remote actors from the Apify registry, including official packages such as "apify/google-search-scraper" and community-maintained ones like "voyager/booking-scraper", "lukaskrivka/google-maps-with-contact-details", and "vdrmota/contact-info-scraper".
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data from external websites and search results.
- Ingestion points: External data collected from Booking.com search results and website scraping tools.
- Boundary markers: Absent; there are no instructions to the agent to treat scraped data as untrusted or to use delimiters to separate data from instructions.
- Capability inventory: The skill triggers subprocess calls via the Apify CLI as documented in SKILL.md.
- Sanitization: No sanitization or content validation is specified before the agent processes the scraped data or passes it to further steps in the waterfall.
Audit Metadata