apify-ecommerce
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions and metadata repeatedly reference the sensitive file path
~/.claude/.envfor storing theAPIFY_TOKEN. Hidden environment files in user home directories are sensitive as they may contain various platform-specific secrets or configuration data beyond what is required for the skill. - [DATA_EXFILTRATION]: The
run_actor.jsscript transmits the user'sAPIFY_TOKENas a query parameter in URLs sent toapi.apify.com. Transmitting sensitive tokens in query strings is a risky practice as they can be captured in server logs, proxy logs, or browser history. - [PROMPT_INJECTION]: The skill workflow is designed to ingest and summarize untrusted data from external sources (e-commerce product descriptions and reviews), which constitutes an indirect prompt injection surface.
- Ingestion points: The script
run_actor.jsfetches data from the Apify API (e.g., product details, reviews). - Boundary markers: The instructions do not include specific delimiters or warnings for the agent to ignore instructions embedded in the scraped content.
- Capability inventory: The skill possesses network access (
fetch) and filesystem write access (writeFileSync). - Sanitization: No sanitization or validation of the external content is performed before it is processed or summarized.
- [COMMAND_EXECUTION]: The skill provides several shell command examples that execute a local JavaScript file (
run_actor.js) using thenoderuntime. This script has the capability to write arbitrary data to the local filesystem based on user-supplied parameters.
Audit Metadata