shortcuts-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It takes user instructions to generate shortcut actions, including high-risk actions like 'Run Shell Script' (is.workflow.actions.runscript).
- Ingestion points: User requests (e.g., 'make a shortcut to...') are used to populate parameters in the shortcut generation logic in
SKILL.md. - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to prevent malicious data from influencing the shortcut's behavior.
- Capability inventory: The skill can write files to
/tmpusing Python'sopen()andplistlib.dump(), and it triggers the macOSopencommand to import these files. - Sanitization: There is no evidence of sanitization, validation, or escaping of user-provided content before it is embedded into the plist structure of the generated shortcut.
- [COMMAND_EXECUTION]: The skill uses the system
opencommand to import the generated shortcut file into the macOS Shortcuts app. While this requires manual user confirmation for the import, it automates the initial execution phase for potentially untrusted files generated at runtime.
Audit Metadata