apify-brand-reputation-monitoring
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands, including the mcpc CLI tool and a Node.js script (run_actor.js), to fetch actor schemas and execute data scraping tasks.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official Apify API (api.apify.com) to initiate actor runs and retrieve results. These operations are essential for the skill's functionality and target the vendor's infrastructure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and displays data from external sources (Google Maps, TripAdvisor, Facebook, Instagram, YouTube, and TikTok).
  - Ingestion points: Untrusted data is retrieved from external platforms via the displayQuickAnswer and downloadResults functions in reference/scripts/run_actor.js.
  - Boundary markers: The skill does not employ specific delimiters or instructions to the agent to ignore potential commands embedded within the scraped content.
  - Capability inventory: The agent possesses the capability to execute shell commands and interact with APIs, which could be targeted by injected instructions.
  - Sanitization: The implementation lacks sanitization or filtering of the scraped text to detect or mitigate prompt injection attacks, relying only on basic truncation for display purposes.
Audit Metadata