Skills
skills/hefgi/shortcut-cli-skill/shortcut/Gen Agent Trust Hub

shortcut

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the short CLI tool to manage project data and includes an advanced feature for raw API access through short api, which provides broad network interaction capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to manually install the shortcut-cli utility via Homebrew or NPM, ensuring the user retains control over software installation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes potentially untrusted content from Shortcut stories.
  • Ingestion points: Content enters the context via short story, short search, and short epic view commands defined in SKILL.md.
  • Boundary markers: The skill does not use specific delimiters to separate external data from its own instructions.
  • Capability inventory: The skill utilizes shell command execution via the short CLI and can make arbitrary network requests via short api.
  • Sanitization: Basic escaping for double quotes is applied to user-provided strings to mitigate command injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 12:44 PM