apify
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates exclusively with api.apify.com, which is the official and well-known service endpoint for the Apify platform. No data is sent to unauthorized or suspicious third-party domains.
- [CREDENTIALS_UNSAFE]: Credential management follows best practices. The skill documentation instructs users to use environment variables (APIFY_TOKEN) and utilizes the platform's vm0_secrets mechanism for secure token handling, avoiding hardcoded secrets.
- [COMMAND_EXECUTION]: Shell commands are used for legitimate purposes, such as making API requests with curl and processing JSON responses with jq. No arbitrary or malicious command execution patterns were found.
- [PROMPT_INJECTION]: As a scraping tool, the skill handles external data retrieved from the web. However, it does not perform dangerous operations on this data, such as piping it into shell commands or using it in dynamic code execution, maintaining a safe operating profile.
Audit Metadata