editing-jobs
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash commands to manage files and check tool availability. Evidence includes commands such as
which agcron,ls .cron/jobs/,cat .cron/jobs/{id}.md,rm .cron/jobs/{id}.md, andcat > .cron/jobs/{id}.mdfor file operations. Explicit user confirmation is required for both write and delete operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and writing external files that define agent jobs. Ingestion points: The skill reads content from
.cron/jobs/{id}.mdusing thecatcommand inSKILL.md. Boundary markers: There are no explicit markers used to separate external file content from the agent's internal instructions when displayed. Capability inventory: The skill has the ability to write to files using redirected output (cat >) and delete files usingrm. Sanitization: Input validation is performed for fields like cron expressions and adapter names as detailed inSKILL.mdandreferences/field-reference.md.
Audit Metadata