apify-ultimate-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the agent with instructions to execute several shell commands. These include using
grepto extract environment variables and running themcpcCLI tool and a local Node.js script to perform scraping tasks. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its interaction with untrusted external data.
- Ingestion points: Data is ingested from external web platforms (like Instagram, TikTok, and Facebook) and processed via the
downloadResultsanddisplayQuickAnswerfunctions inreference/scripts/run_actor.js. - Boundary markers: There are no explicit delimiters or protective instructions used when the scraped data is presented to the agent, which could lead to the agent inadvertently following instructions embedded in the scraped content.
- Capability inventory: The agent is granted the capability to execute shell commands as part of the skill's defined workflow in
SKILL.md. - Sanitization: The script performs basic truncation of long data fields for display purposes but does not implement sanitization or filtering for potential malicious instructions within the scraped data.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@apify/mcpcpackage and interacts with the Apify API atapi.apify.com. These are resources provided by Apify, a well-known service provider. - [DATA_EXFILTRATION]: The skill retrieves the
APIFY_TOKENfrom the local.envfile. This token is used to authenticate requests to the official Apify API endpoints, which is required for the skill to function as intended.
Audit Metadata