cron
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection via the 'Task' mode, which instructs the agent to execute the 'message' parameter as a task description. This could allow an attacker to inject recurring malicious tasks if the agent processes data from external sources.
  - (1) Ingestion points: The 'message' parameter in the cron(action='add') tool.
  - (2) Boundary markers: None are provided to separate user instructions from untrusted data.
  - (3) Capability inventory: The agent is explicitly told to execute the message and report the result, which can include network or file system operations.
  - (4) Sanitization: No sanitization or validation of the task content is defined.
- Persistence (LOW): As a tool designed for recurring tasks, the skill inherently provides a mechanism for persistence. While this is the intended primary purpose, it could be leveraged to maintain malicious logic within the agent's environment across sessions.
Audit Metadata