
dig

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the local file system and GitHub.
    • Ingestion points: The skill reads source code using Read, Glob, and Grep (in Step 1), and fetches GitHub issue data using the gh CLI (in Step 3).
    • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions that might be embedded in the code or issues it analyzes.
    • Capability inventory: The agent has access to powerful tools including Bash (shell access), WebFetch (network access), and gh (GitHub interaction).
    • Sanitization: No sanitization or validation of the ingested content is performed before it is presented to the model or used to generate actions.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands as part of its normal workflow.
    • Evidence: The instructions direct the agent to run npm run build, gh issue list, gh issue edit, and gh issue create.
    • Context: While these commands are consistent with the skill's purpose as a developer tool, the use of shell execution with potentially unvalidated arguments (such as issue search keywords) represents a broad capability.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 10:42 AM