manage
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses platform-specific utilities (`systemctl`, `launchctl`, `schtasks.exe`) to install persistent task schedules that survive system reboots.
- [REMOTE_CODE_EXECUTION]: The orchestrator allows users to schedule 'script' tasks, which leads to the execution of arbitrary shell scripts via generated wrappers (`.sh` or `.ps1`) without manual intervention.
- [CREDENTIALS_UNSAFE]: The generated wrapper scripts attempt to programmatically retrieve and export the `ANTHROPIC_API_KEY` from system secret stores (macOS Keychain, Linux GNOME Keyring, Windows Credential Manager) or local configuration files to facilitate non-interactive authentication.
- [PROMPT_INJECTION]: The skill provides a 'bypass' permission preset that configures tasks to run with the `--dangerously-skip-permissions` flag, effectively disabling safety guardrails that usually require human approval for tool execution.
- [COMMAND_EXECUTION]: The `scheduler.py` script generates executable wrapper files at runtime using string replacement in templates, which are subsequently executed by the platform backends.
Audit Metadata