Skills
skills/drewocarr/generate-shortcuts-skill/shortcuts-generator/Gen Agent Trust Hub

shortcuts-generator

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: CRITICAL
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The automated scanner flagged 'is.workflow.ac' as a malicious URL. Analysis confirms this is a false positive; the string is a substring of the 'is.workflow.actions' prefix used for internal Apple Shortcuts action identifiers (e.g., 'is.workflow.actions.gettext'). No network traffic to this domain is initiated.
  • COMMAND_EXECUTION (SAFE): The skill utilizes the 'Bash' tool to invoke the macOS 'shortcuts sign' command. This is a standard and safe operation required to make generated Shortcut files importable on Apple devices.
  • DATA_EXFILTRATION (SAFE): No patterns indicative of data exfiltration, sensitive file access, or hardcoded credentials were found within the skill documentation.
  • NO_CODE (SAFE): This skill contains no executable scripts (Python, JavaScript, etc.). It consists entirely of Markdown documentation that guides the AI agent on how to structure XML data for the Shortcuts app.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 22, 2026, 08:47 AM