apify-competitor-intelligence

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands using mcpc and node. It specifically instructs the agent to read sensitive environment variables from a .env file using grep and xargs to facilitate API authentication.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: The script run_actor.js fetches scraped data from external platforms (Google Maps, Facebook, YouTube, TikTok, etc.) via the Apify API (api.apify.com/v2/datasets).
      • Boundary markers: Absent. There are no delimiters or specific instructions to the agent to disregard instructions potentially embedded in the scraped competitor data.
      • Capability inventory: The run_actor.js script has filesystem write access (writeFileSync). The SKILL.md file grants the agent the ability to execute arbitrary Node.js scripts and CLI tools in the local environment.
      • Sanitization: Absent. While the script truncates long strings for display purposes, it does not perform any validation, filtering, or escaping of the content retrieved from the web before presenting it to the agent for summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 08:44 AM