schedule-task
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands provided as strings via the
commandparameter. This is a high-privilege capability that serves as the primary purpose of the skill but introduces significant risk if the commands are influenced by untrusted data.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it processes command strings that may originate from external, untrusted sources processed by the agent. - Ingestion points: Untrusted data can enter the agent context and be passed to the
commandargument in theschedule()function or the Bash CLI. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the command input.
- Capability inventory: The skill can execute any shell command, schedule it for recurring execution, and log outputs to the local filesystem.
- Sanitization: The documentation claims 'shell injection prevention' and 'command approval' are in place, but these internal mechanisms cannot be verified from the provided markdown.- [COMMAND_EXECUTION]: By allowing tasks to be scheduled for future or recurring execution, the skill facilitates persistence. This allows potentially malicious scripts to remain active on the system long after the initial interaction with the AI agent has concluded.
Audit Metadata