Trust Assessment
apify-trend-analysis received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Path Traversal via unsanitized output filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0ea3e009). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Path Traversal via unsanitized output filename | Static | reference/scripts/run_actor.js:46 |

The `SKILL.md` instructs the LLM to construct a `node` command that includes an `--output` argument for saving results to a file. The filename for this argument is intended to be derived from user preferences. The `reference/scripts/run_actor.js` script, which processes this argument, directly uses the provided `outputPath` (from `values.output`) in a file write operation (implied `writeFileSync` within the truncated `downloadResults` function) without proper sanitization. An attacker could provide a malicious filename containing path traversal sequences (e.g., `../../../../etc/passwd`) to write data to arbitrary locations on the filesystem, potentially leading to data corruption, unauthorized file modification, or even remote code execution if critical system files are overwritten.

Recommended remediation:

1. **In `reference/scripts/run_actor.js`:** Implement robust sanitization for the `outputPath` argument. This should involve validating the filename to ensure it does not contain path separators (`/`, `\`) or directory traversal sequences (`..`). Consider using `path.basename()` to extract only the filename and `path.join()` with a designated, secure output directory to prevent writing outside of it.
2. **In `SKILL.md`:** Instruct the LLM to explicitly sanitize or validate user-provided filenames before constructing the `--output` argument, or clearly communicate to the user that only simple filenames without special characters or path separators are allowed.
Powered by SkillShield