cron

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill (SKILL.md) defines a "Task" mode where the agent schedules a string to be executed as a prompt at a later time. This enables autonomous execution of instructions triggered by time-based events.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its task scheduling mechanism. * Ingestion points: The 'message' parameter in the cron tool (SKILL.md). * Boundary markers: No delimiters or warnings are present to isolate the message from instructions. * Capability inventory: The agent can execute arbitrary prompts as scheduled tasks (SKILL.md). * Sanitization: No validation or escaping is performed on the message content before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:25 PM
Security Audit — agent-trust-hub — cron