triggers
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection via the task scheduling and event trigger system.
  - Ingestion points: User-controlled 'action' and 'message' strings are ingested via the `/triggers create` and `/triggers cron` commands in `index.ts`.
  - Boundary markers: Absent. The skill does not wrap stored instructions in delimiters or provide 'ignore embedded instructions' warnings when these tasks are re-injected into the agent's context.
  - Capability inventory: The skill interacts with a cron service that can trigger new agent turns (`agentTurn`) and system events, allowing the agent to process stored strings as new prompts.
  - Sanitization: None detected. The skill stores and subsequently executes the provided strings without validation or escaping, which could allow a malicious actor to schedule unauthorized agent actions.