cron-schedule
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and examples for using the
CronCreatetool to establish workers that survive session restarts. This functionality allows for the creation of persistent background processes that operate independently of the active user session, which could be used to maintain unauthorized access or execute hidden tasks. - [PROMPT_INJECTION]: The skill utilizes a pattern where natural language prompts are scheduled for delayed execution via
CronCreate. This creates a surface for indirect prompt injection where scheduled instructions could be manipulated or lack necessary context. - Ingestion points: The
promptparameter within theCronCreatetool call inSKILL.md. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the scheduled strings.
- Capability inventory: Includes
CronCreate,CronList,CronDelete, andmcp__claude-flow__hooks_worker-dispatch(SKILL.md). - Sanitization: Absent; the skill does not define validation or filtering for the content of scheduled prompts.
Audit Metadata