shortcut
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands by interpolating user input (e.g.,
short story <id> -t "<title>"). While it explicitly instructs the agent to escape double quotes, shell meta-characters or improper handling by the execution environment could still lead to command injection. - [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the
shortcut-clipackage via Homebrew or npm. While these are standard package managers, the security of the skill depends on the integrity of the external package. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill fetches and displays content from Shortcut stories and epics (titles, descriptions, comments). This content is attacker-controllable if an external party has access to the Shortcut workspace, creating a surface for indirect prompt injection.
- Ingestion points: Data fetched via
short story <id>andshort search. - Boundary markers: None explicitly defined for processing fetched text.
- Capability inventory: File system access (via CLI), network operations (via CLI), and API modification capabilities (
short api). - Sanitization: Input escaping is mentioned for commands, but no sanitization is defined for data fetched from the Shortcut API before being processed by the agent.
Audit Metadata