apify
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to fetch the `@apify/actors-mcp-server` package from the NPM registry at runtime. Apify is a well-known automation service.
- [REMOTE_CODE_EXECUTION]: The fetched package is executed as a subprocess to provide scraping capabilities to the agent.
- [PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection because it extracts data from external websites and social media platforms.
- Ingestion points: Data retrieved by Apify Actors (e.g., `web-scraper`, `instagram-scraper`), which contains third-party content.
- Boundary markers: None identified in the skill definition to separate untrusted data from the agent's instructions.
- Capability inventory: The agent reads, parses, and processes the scraped content, which could contain instructions intended to influence the agent's behavior.
- Sanitization: The skill does not implement specific sanitization or filtering of the scraped text before it is returned to the agent context.
Audit Metadata