apify-scrapers
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to scrape large amounts of untrusted content from social media platforms (Twitter, Reddit, Facebook, Instagram, LinkedIn, YouTube, TikTok) and external websites. This content is then stored and potentially processed by an AI agent.
- Ingestion points: Multiple scripts, including
scripts/scrape_content_by_url.py,scripts/scrape_facebook.py, andscripts/scrape_instagram.py, fetch data from external sources and pass it into the agent's context. - Boundary markers: There are no markers or delimiters used in the output files (JSON/HTML) to separate scraped content from system instructions.
- Capability inventory: Scraped data is written to the local
.tmp/directory viascripts/scrape_audience.py,scripts/analyze_trends.py, and others. - Sanitization: The skill lacks sanitization or filtering logic to detect or escape instructions embedded in the scraped data, leaving the agent vulnerable to indirect prompt injection attacks.
- [DATA_EXFILTRATION]: Automated security scanners identified potential phishing URLs in
references/linkedin.mdandreferences/instagram.md. These URLs are provided as examples for the agent to follow, which could lead the agent to interact with or retrieve data from malicious sites. - [EXTERNAL_DOWNLOADS]: The skill makes frequent network calls to the Apify API (
api.apify.com) and Firecrawl API (api.firecrawl.dev) to execute scraping actors and retrieve web content. While these are well-known services, the reliance on external execution of actors means the agent is continuously downloading data from remote servers.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata