apify-lead-generation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external Apify Actors which introduces a risk of indirect prompt injection.
  - Ingestion points: Data is fetched from the Apify API (`api.apify.com`) as seen in `reference/scripts/run_actor.js`.
  - Boundary markers: The instructions in `SKILL.md` do not specify the use of delimiters to isolate the scraped data from system instructions.
  - Capability inventory: The agent can execute shell commands and write files, providing a potential impact path for injected content.
  - Sanitization: The `run_actor.js` script lacks sanitization logic to strip instructions from the actor output.
  - Remediation: Use clear delimiters and instructions to ignore embedded commands in external content.
- [COMMAND_EXECUTION]: The skill uses the `mcpc` CLI and a local script for scraping functions.
  - Details: These actions are required for the skill's primary purpose and are executed within a standard development environment.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading the `@apify/mcpc` tool from NPM.
  - Details: This is a standard dependency for Apify services and is obtained from a well-known registry.
Audit Metadata