Trust Assessment
apify-audience-analysis received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Write via Unsanitized Output Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0ea3e009). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Write via Unsanitized Output Path. The `run_actor.js` script uses the `--output` command-line argument directly in `writeFileSync()` without any path sanitization or validation. If a malicious user can inject directory traversal sequences (e.g., `../../`) into the `--output` argument, the script could write arbitrary data to any location on the filesystem, potentially overwriting critical system files or creating malicious ones. Implement robust path sanitization and validation for the `outputPath` argument within `run_actor.js`. Ensure that the resolved path remains within an explicitly allowed and secure output directory. Disallow directory traversal characters (e.g., `../`, `/`) in the filename portion of the path. | Static | reference/scripts/run_actor.js:100 |