apify-sdk-integration
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official 'apify-client' library and documentation links from 'apify.com', which are legitimate vendor resources.
- [SAFE]: It provides clear security guidance for managing API tokens, advising users to use environment variables and secrets managers instead of hardcoding sensitive information.
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface through data ingestion from web scrapers. Ingestion points: 'client.dataset().listItems()' and 'client.keyValueStore().getRecord()' in 'SKILL.md'. Boundary markers: None present in the code snippets. Capability inventory: Network requests to 'api.apify.com'. Sanitization: No data validation or escaping is shown in the integration examples.
Audit Metadata