pp-apify

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the apify-pp-cli binary using npx -y @mvanhorn/printing-press-library or go install github.com/mvanhorn/printing-press-library/library/developer-tools/apify/cmd/apify-pp-cli@latest. These resources are provided by the skill's author to enable its core functionality.
  • [COMMAND_EXECUTION]: The skill requests Read Bash permissions to execute local CLI commands for running actors, searching cached data, and managing schedules (e.g., apify-pp-cli actor-runs get, apify-pp search).
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows output to be POSTed to a user-specified remote server. This is a documented orchestration feature for routing results to external sinks.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes untrusted data from external sources via Apify scrapers and searches.
      • Ingestion points: apify-pp search, apify-pp-cli datasets get, and apify-pp-cli logs fetch external content into the agent context.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the prompt templates.
      • Capability inventory: The skill possesses the Read Bash capability, allowing for shell interaction and local file system access.
      • Sanitization: The instructions do not specify sanitization or validation logic for the external data being processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 23, 2026, 02:31 AM