Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/apify-deploy-integration/Gen Agent Trust Hub

apify-deploy-integration

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it is designed to ingest and process untrusted data from external web sources.
  • Ingestion points: Untrusted content enters the agent context in SKILL.md when the skill fetches items from Apify datasets (e.g., client.dataset(run.defaultDatasetId).listItems()).
  • Boundary markers: No delimiters or explicit instructions to treat the scraped content as untrusted data are provided in the code examples or instructions.
  • Capability inventory: the skill environment is highly capable, with access to Bash (including apify, npm, vercel, and gcloud tools), and file system operations (Read, Write, Edit).
  • Sanitization: The provided integration examples do not include sanitization, validation, or filtering of the scraped data before it is consumed or potentially presented back to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:10 PM
Security Audit — agent-trust-hub — apify-deploy-integration