cron-manager
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates modifying system persistence by providing templates for adding and removing cron jobs using the crontab command.
- [COMMAND_EXECUTION]: Includes instructions for managing system services and viewing system logs via systemctl and journalctl, which typically necessitate elevated or root-level privileges.
- [COMMAND_EXECUTION]: Dynamically executes Python code strings at runtime via the command line to validate cron expressions and perform human-readable conversions.
- [DATA_EXFILTRATION]: Provides methods to access and monitor sensitive system-level log files such as /var/log/cron.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where untrusted user input is interpolated into system scheduling commands. 1. Ingestion points: User-defined scripts and schedules within SKILL.md templates. 2. Boundary markers: None present. 3. Capability inventory: Modification of system crontabs, service management, and Python code execution. 4. Sanitization: No sanitization or validation of user-provided script content is documented.
Audit Metadata