Skills
skills/vanman2024/ai-dev-marketplace/beat-scheduling/Gen Agent Trust Hub

beat-scheduling

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes shell scripts scripts/test-beat.sh and scripts/validate-schedule.sh that automate the testing and validation of the Celery environment by executing local commands and dynamically generating Python code to inspect application configuration.
  • [PROMPT_INJECTION]: The template templates/dynamic-schedules.py implements a pattern for loading task schedules from external JSON files, which introduces an indirect prompt injection surface where a malicious configuration file could be used to execute unauthorized tasks within the task queue.
  • Ingestion points: External JSON configuration files (e.g., schedules.json) loaded via load_schedule_config.
  • Boundary markers: None identified in the provided templates to isolate external configuration from the execution logic.
  • Capability inventory: The skill uses sender.add_periodic_task and app.signature which are capable of triggering any registered task.
  • Sanitization: No validation or sanitization logic is implemented for the task signatures or arguments ingested from the external files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 10:38 PM