scheduler
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill instructions direct the agent to utilize system-level tools like cron, launchd, systemd, and Windows Task Scheduler to ensure tasks run at specific times or intervals. This functionality is inherently a persistence mechanism that allows code to survive reboots.
- Command Execution (MEDIUM): The skill explicitly supports 'Running a script or command' as a core capability. This allows for arbitrary code execution on the user's machine.
- Dynamic Execution (MEDIUM): Step 5 of the skill instructions authorizes the agent to 'Write small helper scripts' to facilitate task execution, which involves the creation and subsequent execution of code at runtime.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process user-provided scheduling requests. This creates an attack surface where untrusted data could be used to manipulate the agent into scheduling malicious commands.
- Ingestion points: User input strings processed in SKILL.md.
- Boundary markers: None specified in the instructions.
- Capability inventory: Shell script execution, crontab modification, systemd/launchd configuration, PowerShell execution.
- Sanitization: Not explicitly required by the instructions beyond a manual 'Confirmation' step.
Audit Metadata