Skills
skills/apify/apify-mcp-server/feature-spec/Gen Agent Trust Hub

feature-spec

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash for local codebase exploration and the GitHub CLI (gh issue create) to create and manage feature specifications. These operations are restricted to the local environment and the project's repository.
  • [EXTERNAL_DOWNLOADS]: Fetches specifications and guidelines from official and well-known technology sources, including modelcontextprotocol.io and documentation hosted on GitHub.
  • [DATA_EXFILTRATION]: Accesses local project files and sibling directories, such as ../apify-mcp-server-internal, to assess cross-project impact. These resources are part of the vendor's (Apify) development ecosystem and are accessed for legitimate context gathering.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from external web pages and local files to generate its output.
  • Ingestion points: Local files accessed via Read and Glob, and external web content via WebFetch.
  • Boundary markers: No specific delimiters are defined in the instructions to separate external data from system instructions.
  • Capability inventory: Includes powerful tools like Bash and the gh CLI for system and API interactions.
  • Sanitization: There is no explicit evidence of sanitization or validation of the ingested external content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 01:06 AM