schedule
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
node scripts/local-schedule.jsvia shell to manage task persistence. - [COMMAND_EXECUTION]: User-supplied intervals and commands are interpolated into shell command strings (e.g.,
node scripts/local-schedule.js add "<expr>" "<command>"), which creates a risk of command injection if inputs are not properly sanitized by the underlying script. - [NO_CODE]: The referenced script
scripts/local-schedule.jsis missing from the skill bundle, preventing a full security audit of how it manages system-level persistence and input validation.
Recommendations
- AI detected serious security threats
Audit Metadata