Skills
skills/sickn33/antigravity-awesome-skills/apify-content-analytics/Snyk

apify-content-analytics

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill runs Apify scrapers for public social platforms (e.g., apify/instagram-, apify/facebook-, clockworks/tiktok-scraper, streamers/youtube-scraper) and then fetches and reads result items from the Apify dataset API (https://api.apify.com/v2/datasets/…/items) in displayQuickAnswer/downloadResults and uses those items to produce summaries, so untrusted, user-generated third-party content is directly ingested and can influence agent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code calls Apify APIs (e.g., POST to https://api.apify.com/v2/acts/{author~actor}/runs?token=...) to start remote Apify actors (thereby executing remote code) and later fetches dataset results, and the skill requires these external actor runs to function.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 08:43 AM