apify-cost-tuning
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill correctly handles sensitive credentials by referencing the APIFY_TOKEN through environment variables (process.env.APIFY_TOKEN) rather than hardcoding them.
- [EXTERNAL_DOWNLOADS]: The skill uses the official apify-client Node.js package to interact with the Apify platform, which is a standard and expected dependency for this use case.
- [INDIRECT_PROMPT_INJECTION]: The skill involves fetching and processing data from the Apify API (such as actor names and run statistics). While this data originates from an external source, it is used for technical analysis and cost reporting, presenting a minimal attack surface for indirect prompt injection.
- [COMMAND_EXECUTION]: The skill provides code for managing Apify resources (e.g., aborting runs that exceed budgets), but these operations are performed via the official client library and are within the intended scope of the skill's purpose.
Audit Metadata