task-trigger
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes commands to modify system schedulers (crontab and launchd).
- Evidence: Scripts
add-to-crontab.shandadd-to-launchd.shdirectly interface with OS scheduling utilities to register recurring tasks. - Mitigation: The skill explicitly requires interactive user confirmation before applying any changes to the system scheduler and uses helper scripts to ensure consistent, validated behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by scheduling tasks that may process external data.
- Ingestion points: Task prompts are generated based on user requests which could include data from files, web pages, or other MCP tools.
- Boundary markers: No explicit boundary markers or 'ignore' instructions are enforced in the generated task prompts.
- Capability inventory: The skill can execute arbitrary prompts via
opencodeorkiroCLI tools in a headless background environment. - Sanitization: There is no evidence of sanitization or escaping of the prompt content before it is written to the scheduler configuration files.
Audit Metadata