shortcuts-generator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'open' command to trigger the import of generated plist files into the system's Shortcuts application.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by converting untrusted user instructions into executable workflow actions.
- Ingestion points: User prompts defining desired shortcuts via instructions in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are defined to separate user input from the generated plist structure.
- Capability inventory: File system writing (Python plistlib) and shell command execution (open); the generated shortcuts can perform high-risk actions like running shell scripts ('is.workflow.actions.runscript') and sending emails.
- Sanitization: No input sanitization or parameter validation is performed on data used to construct the shortcut actions.
Audit Metadata