Cron Job Template
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture relies on reading and executing instructions from external files (`README.task.md`), which constitutes an indirect prompt injection surface.
  - Ingestion points: The agent is directed to establish context by reading `README.structure.md` and `projects/<project>/README.task.md` (defined in SKILL.md sections 1 and 2).
  - Capability inventory: The skill explicitly grants the task definition file control over agent actions, including "Execution Steps" and tool usage (e.g., `search_web`, `find_by_name`).
  - Boundary markers: There are no instructions for the agent to treat the content of these files as untrusted data or to prioritize system safety guidelines over the instructions found in the task files. Instead, the skill commands the agent to "STRICTLY use the default values defined in the file."
  - Sanitization: The skill lacks any mechanism for validating, escaping, or filtering the instructions or parameters found within the external markdown files before the agent processes them.
Audit Metadata