peach-add-cron

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes verification instructions that require the execution of build and linting commands (bun run build, bun run lint:fixed) within the user's development environment to ensure the generated code is valid.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-provided data, such as module-name and job description, directly into file system paths and source code templates. While instructions advise using kebab-case, a lack of strict validation could allow for path traversal or the generation of unexpected code structures.
      • Ingestion points: User-provided inputs for module names and descriptions in SKILL.md.
      • Boundary markers: None; relies on the agent to interpret instructions for formatting.
      • Capability inventory: File writing (service and DAO files) and subprocess execution for build verification.
      • Sanitization: Limited to instructional guidance regarding naming conventions.
  • [SAFE]: The generated code includes a getServerInfo method designed to collect internal environment metadata (IP address, hostname, process ID, and OS platform). This data is intended for localized auditing within the common_log_cron database table and is not transmitted to external or untrusted destinations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 03:56 AM