First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
77/100
Findings (2)
Detects autonomous sub-agent or cron-based execution without human oversight
isolated agentTurn + autonomousRemove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.
Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).
Detects cron jobs or scheduled tasks that execute commands
cron jobs (avoid fragile multi-line `bash Validate cron expressions and scheduled commands against an allowlist. Ensure scheduled tasks cannot be modified by untrusted input and log all cron job changes.
Likely FP if the match is a documentation reference to crontab syntax or a short mention of cron in a description of scheduling concepts.