shortcuts-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the 'Bash' tool specifically to run 'shortcuts sign', a standard macOS utility for signing .shortcut files. This is a restricted and documented use of command execution necessary for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): No external code or packages are downloaded. The identifiers (e.g., 'is.workflow.actions.gettext') are internal schema identifiers for the Apple Shortcuts app, not remote resources.
- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to bypass safety filters or override system instructions. The content is strictly focused on technical guidance for shortcut generation.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill enables an agent to write files and execute a signing command, it does not ingest external data itself. The risk of indirect injection is negligible as it functions primarily as an output generator for the agent.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata