task-automation
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and code for establishing persistent execution mechanisms.
  - Evidence: Provides instructions for adding entries to `crontab` and mentions using `systemd` timers for recurring tasks.
  - Evidence: Includes a Python example script that utilizes the `watchdog` library to run as a persistent background observer for file system events.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection through the processing of untrusted external data.
  - Ingestion points: The skill describes processes that read CSV files from user-accessible directories (`~/data/incoming/`) and consume JSON responses from a remote API (https://api.example.com/health).
  - Boundary markers: There are no instructions or delimiters provided to prevent the agent from interpreting instructions that might be embedded within the processed data.
  - Capability inventory: The automation examples include capabilities for file system modification (writing JSON, moving/deleting files) and making outbound network requests (`urllib.request.urlopen`).
  - Sanitization: While the skill performs basic validation of data structure (e.g., checking CSV headers), it does not implement sanitization of the data content itself.
Audit Metadata