sync-scheduler
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where untrusted data provided during schedule registration is later processed by job handlers.
  - Ingestion points: The `register` method described in `references/api.md` accepts an `input` parameter of type `unknown`, which is stored and later passed to job execution logic.
  - Boundary markers: The library does not natively enforce boundary markers or delimiters between the schedule input and the agent's instructions.
  - Capability inventory: The job system (referenced in `SKILL.md` and `references/api.md`) includes the capability to execute `process` functions and submit further jobs via `job.submit`, potentially creating execution chains based on injected data.
  - Sanitization: The provided usage example in `references/api.md` demonstrates the use of the `zod` library for schema validation, which serves as a mitigation against malformed or malicious inputs if implemented by the developer.
Audit Metadata