skills/agentscope-ai/qwenpaw/cron/Gen Agent Trust Hub

cron

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the qwenpaw CLI tool to perform task management operations. All commands are documented for the specific purpose of scheduling, listing, and modifying tasks. The requirement to explicitly provide an --agent-id acts as a scoping mechanism to prevent tasks from being created in unintended workspaces.
  • [DATA_EXPOSURE]: The skill requires parameters such as target-user, target-session, and channel to create tasks. While these involve identifiers, they are standard operational parameters for the tool's functionality and do not involve the exfiltration of sensitive files or system credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by allowing the scheduling of tasks (type agent) that process text inputs at a later time. If an agent processes untrusted user data and uses it in the --text field of a scheduled task, it could lead to indirect prompt injection when the task eventually runs. This is a characteristic of the tool's capability rather than a malicious pattern in the skill instructions.
  • [PERSISTENCE_MECHANISMS]: By design, this skill manages persistence via scheduled tasks. However, these are managed through the authorized qwenpaw tool rather than through unauthorized modifications to system files like shell profiles or crontabs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 12:12 PM
Security Audit — agent-trust-hub — cron