Skills
NYC
skills/smithery/ai/cron/Gen Agent Trust Hub

cron

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill's 'Task' mode accepts a message that the agent executes as a task description. If an attacker can influence this message (e.g., via data ingested from a website), they can inject instructions that will be executed repeatedly.
  • Ingestion points: The message parameter in the cron() function described in SKILL.md.
  • Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded within the message.
  • Capability inventory: The agent executes the content of the message string as a new task.
  • Sanitization: None provided; the skill appears to pass the message directly to the agent's task execution logic.
  • [Persistence Mechanisms] (LOW): By design, this skill allows for the creation of recurring jobs. While this is the intended purpose, it enables a malicious actor to establish long-term persistence within the agent's environment if they can successfully inject a task. The severity is lowered as this is the primary purpose of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:49 PM