editing-jobs

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes bash commands to manage files and check tool availability. Evidence includes commands such as which agcron, ls .cron/jobs/, cat .cron/jobs/{id}.md, rm .cron/jobs/{id}.md, and cat > .cron/jobs/{id}.md for file operations. Explicit user confirmation is required for both write and delete operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and writing external files that define agent jobs. Ingestion points: The skill reads content from .cron/jobs/{id}.md using the cat command in SKILL.md. Boundary markers: There are no explicit markers used to separate external file content from the agent's internal instructions when displayed. Capability inventory: The skill has the ability to write to files using redirected output (cat >) and delete files using rm. Sanitization: Input validation is performed for fields like cron expressions and adapter names as detailed in SKILL.md and references/field-reference.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:42 PM
Security Audit — agent-trust-hub — editing-jobs