Apple Shortcuts Integration
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted data via the iOS share sheet (
get_shared_inputinshortcut_quick_capture) and user-provided variables (text_to_processinSKILL.md). This data is processed by capabilities likeshortcuts_run,notes_create, andreminders_create. The absence of boundary markers or sanitization logic means the agent may inadvertently follow instructions embedded in the processed data. - [DATA_EXFILTRATION]: The skill accesses sensitive personal data, including the system clipboard, private notes, reminders, and calendar events. It describes synchronization workflows (e.g.,
sync_to: notion) that could move this local data to external platforms, representing a potential exposure surface. - [COMMAND_EXECUTION]: The skill provides the ability to trigger local Apple Shortcuts (
shortcuts_run), allowing for the execution of complex, user-defined automation logic on the host system. - [NO_CODE]: The skill consists solely of markdown documentation and YAML tool definitions, with no executable scripts or binary files provided.
Audit Metadata