Apify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The codebase is well-structured and follows industry standards for API wrappers. All remote interactions are limited to the official Apify API domain (api.apify.com).
- [COMMAND_EXECUTION] (SAFE): CLI scripts in the
skills/andexamples/directories are intended for local execution via the Bun runtime as part of the tool's normal operation. No unauthorized or dangerous command execution was found. - [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on the legitimate
apify-clientpackage and uses standard development dependencies. No suspicious third-party scripts or piped remote executions (e.g., curl|bash) are present. - [INDIRECT_PROMPT_INJECTION] (SAFE): By design, the skill ingests untrusted data from the web (social media, e-commerce). While it lacks explicit prompt delimiters for output, its primary feature is 'code-first' filtering, which significantly reduces the risk of long-context injection by stripping away irrelevant content before it enters the model's reasoning space.
- Ingestion points:
ApifyDataset.listItemsinindex.ts, and varioustransformfunctions across actor-specific files (e.g.,twitter.ts,instagram.ts). - Boundary markers: Absent in returned data strings.
- Capability inventory:
Apify.callActorinindex.tsallows triggering remote scraping tasks. - Sanitization:
index.tsprovides an optionalcleanparameter for stripping HTML from scraped items.
Audit Metadata