apify-mcpc
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute `mcpc`, `jq`, and `gh` CLI commands as part of its documented workflow. These commands are used to interact with Apify services and report structural issues to a vendor-owned GitHub repository.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the `@apify/mcpc` package from the official NPM registry if it is not found on the system. As a well-known package from an established service, this is a standard configuration step.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data scraped from the web via various Apify Actors.
  - Ingestion points: Data enters the agent's context through the `get-actor-output` tool and the `previewItems` field in `call-actor` responses.
  - Boundary markers: The skill does not implement programmatic delimiters or 'ignore' instructions for the scraped data, though it mandates a 'Verify results' step (Step 6) to detect anomalies manually.
  - Capability inventory: Across its scripts and instructions, the skill utilizes command execution (`mcpc`), public data posting (`gh issue`), and local file access (`Read`, `Grep`, `Glob`).
  - Sanitization: No explicit sanitization or filtering is applied to the retrieved content; the skill relies on the agent following the manual verification workflow to identify malicious or incorrect data.
Audit Metadata