Skills
skills/hkuds/nanobot/cron/Gen Agent Trust Hub

cron

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the message parameter. Malicious commands can be scheduled for recurring execution.\n
  • Ingestion point: message parameter in SKILL.md examples.\n
  • Boundary markers: No delimiters or warnings are specified to separate instructions from data in the scheduled message.\n
  • Capability inventory: The 'Task' mode documentation states the agent executes the message and sends the result, implying access to agent capabilities.\n
  • Sanitization: No sanitization or verification of the scheduled task content is mentioned.\n- [COMMAND_EXECUTION]: The 'Task' mode allows for the scheduled execution of instructions. This provides a mechanism for persistence where an attacker can schedule malicious commands to run at intervals.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 03:30 AM