schedule
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to generate and execute arbitrary shell scripts (Bash and PowerShell) locally by writing them to the filesystem and then registering them for execution via platform-native schedulers.
- [COMMAND_EXECUTION]: The implementation utilizes high-privilege system utilities for persistence, including `Register-ScheduledTask` on Windows, `systemd-run --user` on Linux, and `launchctl bootstrap` on macOS.
- [PROMPT_INJECTION]: The instructions explicitly guide the agent to bypass security constraints and permission models when scheduling other AI agent sessions. This includes using flags such as `--permission-mode bypassPermissions` and `--dangerously-skip-permissions` for Claude Code, `--allow-all` for GitHub Copilot, and `--sandbox danger-full-access` for OpenAI Codex.
- [COMMAND_EXECUTION]: The Windows implementation specifically employs `-ExecutionPolicy Bypass` when executing scheduled PowerShell scripts, which overrides local security settings regarding script signing.
- [COMMAND_EXECUTION]: The Linux reference suggests using `loginctl enable-linger`, which enables persistence across user sessions and may require elevated privileges via `sudo` or polkit to execute.
Recommendations
- AI detected serious security threats
Audit Metadata