schedule-recurring-agent

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs agents to ingest and process untrusted data from external sources, creating a risk for indirect prompt injection. 1. Ingestion points: Data is ingested through tasks like issue triage, pull request monitoring, and CVE audits as described in the skill overview and Phase 1. 2. Boundary markers: The provided instructions emphasize idempotency and completion but do not specify the use of strict delimiters (like XML tags or triple quotes) or 'ignore' instructions to isolate untrusted data from the agent's core task brief. 3. Capability inventory: The recurring agents have access to powerful tools including Bash, Write, and CronCreate, allowing them to perform significant system modifications or persist across sessions. 4. Sanitization: The documentation focuses on operational bounds and frequency matching rather than the sanitization, filtering, or escaping of the external content being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — schedule-recurring-agent