apify-actor-development
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the creation of web scraping tools that ingest data from external, untrusted websites. While the skill itself contains instructions for the AI, the resulting actors are exposed to indirect prompt injection from crawled content.\n
- Ingestion points: Web content scraped from external URLs as described in
SKILL.md.\n - Boundary markers: Not applicable for the static instructions, but the skill mandates user-implemented sanitization.\n
- Capability inventory: The skill uses
apify runandapify pushfor local execution and deployment of code.\n - Sanitization: The instructions include a dedicated security section requiring the validation and sanitization of all external data.\n- [EXTERNAL_DOWNLOADS]: Recommends installing the Apify CLI through official channels such as NPM or Homebrew, and includes security warnings against insecure installation methods like piping remote scripts directly to a shell.\n- [COMMAND_EXECUTION]: Directs the agent to use the Apify CLI for standard development tasks, including project initialization, local testing, and platform deployment.
Audit Metadata