apify-content-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the mcpc CLI tool and a bundled Node.js script to perform analytics tasks on the Apify platform.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @apify/mcpc package from the official npm registry, a well-known service.
- [PROMPT_INJECTION]: There is a risk of indirect prompt injection due to the processing of untrusted web content. 1. Ingestion points: Data is fetched from Instagram, Facebook, YouTube, and TikTok via Apify Actors in run_actor.js. 2. Boundary markers: The workflow lacks explicit delimiters to distinguish external data from agent instructions during summarization. 3. Capability inventory: The skill has permissions to execute subprocesses, make network requests, and write files. 4. Sanitization: No validation or sanitization is performed on the scraped content to mitigate malicious instructions.
Audit Metadata