shortcut-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts, bypass safety filters, or use role-play for malicious purposes.
- [Data Exposure & Exfiltration] (SAFE): The skill targets project-specific files (markdown docs and source code) and does not attempt to access sensitive system directories like ~/.ssh or credentials files. No network operations (curl, wget, fetch) are present.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): There are no package managers (npm, pip) or remote script executions. The skill relies on local file system access and the 'rg' (ripgrep) utility for scanning.
- [Obfuscation] (SAFE): Content is clear and readable with no Base64, zero-width characters, or hidden unicode tags.
- [Indirect Prompt Injection] (SAFE): While the skill ingests local documentation which could theoretically contain instructions, the skill's capabilities are restricted to read-only audits and reporting, minimizing the risk of exploitation.
- [Command Execution] (SAFE): Uses 'rg' (ripgrep) for searching text patterns in code, which is a standard, low-risk development activity.
Audit Metadata