scheduled-tasks
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
launchctl(macOS),crontab(Linux), andschtasks(Windows) to create persistent background tasks. This is a form of system persistence that allows code to run outside the immediate agent session. - [COMMAND_EXECUTION]: It performs dynamic generation of executable configuration files, such as creating
.plistfiles in~/Library/LaunchAgents/using shell redirection (cat > ...). - [COMMAND_EXECUTION]: The skill modifies the system's
crontabby piping existing lists into new ones with appended commands, which can lead to misconfiguration or unintended persistence if the logic is manipulated. - [COMMAND_EXECUTION]: This skill presents an attack surface for indirect prompt injection.
- Ingestion points: Untrusted user descriptions for tasks (e.g., "remind me to...") are accepted in
SKILL.md. - Boundary markers: None identified in the command templates.
- Capability inventory: Full shell execution via system schedulers (
cron,launchd,schtasks). - Sanitization: No visible sanitization or validation of the task strings before they are injected into the scheduling commands.
Audit Metadata