apify-actor-development
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the official Apify CLI (apify run, apify push) and standard package managers (npm, pip) to facilitate Actor development. These tools and their usage are standard for the Apify platform and do not present a security risk.
- [PROMPT_INJECTION]: The skill is designed to create Actors that process untrusted data from external websites, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through web scraping operations defined in the src/ directory.
  - Boundary markers: The skill does not provide specific boundary markers for prompt interpolation but includes comprehensive instructions on how to handle untrusted data safely.
  - Capability inventory: The environment supports local code execution through apify run and deployment to the Apify cloud platform via apify push.
  - Sanitization: The documentation contains dedicated security sections with mandatory rules for sanitizing crawled data, validating input schemas, and preventing the execution of scraped content.
Audit Metadata