cron-writer
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'ai-cron-gen' package from the official NPM registry at runtime using npx.
- [REMOTE_CODE_EXECUTION]: The package content is executed immediately upon download. Without version pinning (e.g., ai-cron-gen@1.0.0), the skill executes the latest available code, which lacks integrity verification and could be modified by the package author without notice.
- [COMMAND_EXECUTION]: The skill's core functionality is implemented through the execution of shell commands.
- [PROMPT_INJECTION]: The skill interpolates natural language input directly into a shell command string, creating an indirect prompt injection surface.
- Ingestion points: Schedule description strings (e.g., 'every day at midnight') provided as arguments to the npx command.
- Boundary markers: None identified in the provided skill documentation to isolate user input from the shell syntax.
- Capability inventory: Shell execution via npx.
- Sanitization: No evidence of shell argument escaping or input validation is present in the skill instructions.
Audit Metadata