review-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network requests to
api.apify.comusing therequestslibrary to scrape reviews. It correctly manages the Apify API token by retrieving it from environment variables or command-line flags. All communication is directed to a well-known service related to the skill's primary function. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes content from external review platforms which are publicly editable.
- Ingestion points: External review data is fetched via the Apify API in
scripts/scrape_reviews.pyand returned to the agent. - Boundary markers: There are no markers or specific instructions provided to the agent to treat the scraped review text as untrusted or separate from the system instructions.
- Capability inventory: The script
scripts/scrape_reviews.pyhas network access to the Apify platform and provides data output; it does not directly execute any part of the fetched content. - Sanitization: The skill does not perform sanitization, filtering, or validation on the review text retrieved from the external sources.
Audit Metadata