task-scheduler
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [PERSISTENCE_MECHANISMS]: The skill's primary function is to register Windows Scheduled Tasks, including tasks triggered at logon (
-AtLogOn) or recurring intervals (daily, weekly). These are standard techniques for maintaining persistence on a Windows host. - [COMMAND_EXECUTION]: The skill utilizes PowerShell cmdlets such as
Register-ScheduledTask,Start-ScheduledTask, andNew-ScheduledTaskActionto execute local scripts and programs. It specifically generates commands to run PowerShell scripts with-WindowStyle Hiddenand-NoProfileflags. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data (task names, descriptions, and script paths) to construct execution strings.
- Ingestion points: User-provided inputs describing what to schedule enter the context in
SKILL.md. - Boundary markers: The skill lacks explicit boundary markers in the command construction to prevent command injection via user-supplied arguments.
- Capability inventory: Subprocess execution via PowerShell's task registration system is the core capability.
- Sanitization: There is no evidence of input sanitization or validation for the
C:\scripts\...path or task arguments provided by the user. - [PRIVILEGE_ESCALATION]: While the skill instructions recommend using
-RunLevel Limited, theRegister-ScheduledTaskcmdlet can potentially be used to modify system-wide task configurations depending on the agent's execution context permissions.
Audit Metadata