trinity-schedules
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for environment discovery and skill listing. Evidence: It executes
grepontemplate.yaml,basenameon the current path, andlson.claude/skills/to identify the agent and available procedures. - [SAFE]: The skill maintains a local registry for state persistence and interacts with the Trinity MCP server. Evidence: It reads and writes to
~/.schedule-registry.jsonusing the includedscripts/registry.pyhelper, and utilizes official Trinity MCP tools for schedule management. - [PROMPT_INJECTION]: An attack surface for indirect prompt injection exists due to the processing of external schedule names and local skill metadata. Ingestion points: Remote schedule data from Trinity MCP and local skill file metadata. Boundary markers: Absent in status reports. Capability inventory: Python script execution, local file modification, and remote tool invocation. Sanitization: Descriptive fields are displayed without content validation.
Audit Metadata