cron-mastery
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of documentation and configuration templates. No executable scripts (e.g., Python, JavaScript) or binary files are included in the package.
- [SAFE]: No malicious patterns or security risks were identified. The skill utilizes built-in platform tools such as
cron:add,cron:list, andcron:deletefor standard administrative tasks like setting reminders and performing maintenance cleanups. - [PROMPT_INJECTION]: The skill includes a 'Morning Briefing' template in
references/TEMPLATES.mdthat processes external data from web searches, presenting a vulnerability surface for indirect prompt injection. * Ingestion points: External web search results are ingested into the agent's context via the cron job payload message. * Boundary markers: The template does not define explicit delimiters to separate external content from agent instructions. * Capability inventory: Capabilities are limited to searching and summarization, which are low-risk activities. * Sanitization: No input sanitization or validation logic is provided in the templates for processing the search results.
Audit Metadata