cron
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages system-native schedulers (crontab on Linux/macOS and Task Scheduler on Windows). By design, this involves executing system-level commands to modify host configurations and schedule background processes.
- [COMMAND_EXECUTION]: The skill establishes persistence on the host machine. Scheduled tasks are configured to run even when the agent's primary interface is not active, which is a behavior typically associated with maintaining long-term access to a system.
- [PROMPT_INJECTION]: The 'message' parameter allows users or external data to schedule arbitrary natural language instructions that the agent will process at a future time. This creates an indirect prompt injection surface where malicious instructions could be 'planted' to be executed automatically in a future session.
- Ingestion points: The 'message' parameter in the 'add' action defined in SKILL.md.
- Boundary markers: None present. The skill does not define delimiters or instructions to ignore embedded commands within the scheduled message.
- Capability inventory: The skill has the ability to modify system crontab and Task Scheduler entries.
- Sanitization: No sanitization or validation logic is described for the content of the scheduled messages.
Audit Metadata