cron
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
qwenpawCLI tool to perform task management operations. All commands are documented for the specific purpose of scheduling, listing, and modifying tasks. The requirement to explicitly provide an--agent-idacts as a scoping mechanism to prevent tasks from being created in unintended workspaces. - [DATA_EXPOSURE]: The skill requires parameters such as
target-user,target-session, andchannelto create tasks. While these involve identifiers, they are standard operational parameters for the tool's functionality and do not involve the exfiltration of sensitive files or system credentials. - [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by allowing the scheduling of tasks (type
agent) that process text inputs at a later time. If an agent processes untrusted user data and uses it in the--textfield of a scheduled task, it could lead to indirect prompt injection when the task eventually runs. This is a characteristic of the tool's capability rather than a malicious pattern in the skill instructions. - [PERSISTENCE_MECHANISMS]: By design, this skill manages persistence via scheduled tasks. However, these are managed through the authorized
qwenpawtool rather than through unauthorized modifications to system files like shell profiles or crontabs.
Audit Metadata