Oathe Security Badge

Is tintinweb/pi-schedule-prompt safe?

https://github.com/tintinweb/pi-schedule-prompt

92
SAFE

This skill provides legitimate prompt scheduling functionality but poses moderate security risks due to its ability to store and execute arbitrary prompts at future times. The implementation includes reasonable safety measures against recursive execution and proper isolation for subagent sessions.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM Delayed Prompt Execution Risk -15

The skill allows users to schedule arbitrary prompts for future execution. While it includes protection against recursive scheduling, there is no validation of prompt content for malicious instructions. This could enable delayed prompt injection attacks where malicious prompts are executed when the user is not actively monitoring.

LOW Subagent Execution Capabilities -10

The skill can spawn separate agent sessions with specified models using the subagent functionality. While safety measures are implemented (noExtensions: true, limited tool access), this represents additional execution capability that could potentially be misused.

MEDIUM Persistence and Stealth Execution -15

Scheduled jobs persist across sessions and can execute when the user is not actively monitoring. This could be used to maintain persistence or execute malicious prompts at opportune times. The skill could be combined with social engineering to trick users into scheduling harmful prompts.

LOW File System Access -5

The skill reads and writes to the local filesystem for storing scheduled jobs. While this appears to be for legitimate functionality only, it represents additional file system access.