cron
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is defined entirely within a markdown file and does not include any Python, Node.js, or shell scripts.
- [SAFE]: No malicious patterns such as credential theft, obfuscation, or direct prompt injection attempts were found in the skill metadata or body.
- [PROMPT_INJECTION]: The skill allows the agent to execute tasks described in natural language on a schedule, which constitutes an indirect prompt injection surface. Evidence: 1. Ingestion points: 'message' parameter in the cron tool definition (SKILL.md). 2. Boundary markers: No delimiters or isolation instructions are provided for the scheduled message. 3. Capability inventory: The agent is instructed to execute the message content as a task and report the result. 4. Sanitization: No content validation or sanitization is specified for the scheduled tasks.
Audit Metadata