qqbot-cron

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user data into a system prompt for future execution.
    • Ingestion points: User-controlled text provided for the reminder content, interpolated into the {提醒内容} placeholder in SKILL.md.
    • Boundary markers: No delimiters or instructions are used to separate user content from the system prompt in the payload.message field.
    • Capability inventory: The cron tool (referenced in SKILL.md) has the capability to schedule and execute agentTurn payloads, enabling multi-step attack chains.
    • Sanitization: There is no evidence of input validation or escaping for the reminder text before it is embedded in the JSON payload.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:40 AM