crony
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a wrapper for scheduling and executing arbitrary shell commands using native OS schedulers. This functionality allows for the persistent execution of code on the host machine.
- [EXTERNAL_DOWNLOADS]: The skill's installation process requires downloading the 'agentcli-helpers' package from a public registry. This dependency does not originate from a trusted organization or the author's identified infrastructure.
- [PROMPT_INJECTION]: The skill acts as a vector for indirect prompt injection because it can receive command strings derived from untrusted data processed by the agent. 1. Ingestion points: The argument in the 'crony add' instruction. 2. Boundary markers: No delimiters or ignore-instructions warnings are provided. 3. Capability inventory: The skill can execute shell commands, manage system tasks, and perform network operations. 4. Sanitization: No input validation or command escaping is defined.
Audit Metadata