cron-manager
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script (scripts/cron_manager.py) to perform administrative actions on scheduled tasks, including creation, modification, and execution via a local management API.
- [DATA_EXFILTRATION]: The script directly accesses and modifies the local SQLite database 'countbot.db' (at ../../../../data/countbot.db) to manage session records and message history, which contains sensitive user data.
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface through the 'message' parameter, which stores instructions for the AI to execute at a later time.
- Ingestion points: The '--message' argument in the 'create' command and the task definitions within JSON files used by the 'batch-create' command.
- Boundary markers: Absent; instructions stored in the database are not wrapped in delimiters or accompanied by warnings to ignore embedded commands.
- Capability inventory: The skill can read/write to the local 'countbot.db' database and trigger automated agent actions via a local API.
- Sanitization: No sanitization or verification of the task message content is performed before storage in the database.
Audit Metadata