apify-actor-development
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a guide for building serverless programs (Actors) on the Apify platform and includes extensive security warnings and best practices.
- [DATA_EXFILTRATION]: The instructions explicitly warn against logging or hardcoding the
APIFY_TOKENand recommend using the officialapify/logpackage, which automatically censors sensitive credentials. - [PROMPT_INJECTION]: Provides a dedicated security section instructing developers to treat all crawled web content as untrusted input, specifically warning against indirect prompt injection from scraped data.
- [EXTERNAL_DOWNLOADS]: References documentation and resources from well-known, trusted domains including apify.com, crawlee.dev, and official Apify GitHub repositories.
- [COMMAND_EXECUTION]: Explicitly discourages dangerous installation patterns like piping remote scripts to a shell (e.g.,
curl | bash), recommending instead the use of verified package managers like npm or pip. - [REMOTE_CODE_EXECUTION]: Instructs the agent and developers to avoid using
eval()or passing raw external data into code-generation functions.
Audit Metadata