apify-lead-generation
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the Apify platform, specifically calling the mcpc CLI to fetch Actor schemas and running a Node.js script to perform data scraping.
- [EXTERNAL_DOWNLOADS]: Requires the user to install @apify/mcpc via npm, which is the official Model Context Protocol client for Apify, a well-known technology provider.
- [DATA_EXFILTRATION]: The skill accesses a sensitive APIFY_TOKEN stored in a local .env file. This token is used to authenticate POST and GET requests to api.apify.com for running Actors and retrieving results, which is consistent with the skill's documented functionality.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from various external websites (Instagram, TikTok, Google Maps) and presents it to the agent.
  - Ingestion points: Scraped data is downloaded from Apify datasets via api.apify.com in run_actor.js (functions downloadResults and displayQuickAnswer).
  - Boundary markers: No explicit delimiters or instructions are used to separate scraped content from agent instructions.
  - Capability inventory: The skill can perform network requests (fetch in run_actor.js) and write results to the local filesystem (writeFileSync).
  - Sanitization: The script performs basic CSV escaping and truncates long strings for display, but does not sanitize content for potentially malicious instructions.
Audit Metadata