scheduled-task

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill allows users to schedule arbitrary instructions via the prompt field for future execution. The documentation explicitly states that when these tasks run, all tool calls are automatically approved (auto-approve), bypassing the standard requirement for manual user confirmation. This creates a persistence surface for potentially malicious instructions to be executed without supervision later.
  • [COMMAND_EXECUTION]: The script scripts/create-task.sh performs several shell operations, including:
  • Using cat to read payload data from temporary files (via the @file syntax).
  • Executing a bundled JavaScript snippet using node or an Electron runtime to perform HTTP requests.
  • Using curl or wget as fallback mechanisms for network communication.
  • [DATA_EXFILTRATION]: The skill transmits task configuration data, including the name, execution prompt, and working directory, to an internal API endpoint defined by the LOBSTERAI_API_BASE_URL environment variable. While this is described as an internal proxy, the transmission of potentially sensitive instruction data to a network endpoint should be noted.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — scheduled-task