Apify Run Trigger
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill is defined entirely in markdown and metadata, containing no executable scripts or binary files. All logic is handled by the AI agent and the platform edge functions.\n- [PROMPT_INJECTION]: The skill processes untrusted natural language to generate API parameters, creating an indirect prompt injection surface.\n
- Ingestion points: The input_description field in SKILL.md accepts raw user text.\n
- Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded commands in the input.\n
- Capability inventory: The skill utilizes the apify_api capability and calls the apify-admin edge function to start runs.\n
- Sanitization: No programmatic sanitization or schema validation of the translated JSON is specified, though a manual confirmation step is implemented.
Audit Metadata