shortcut
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes commands using the
shortCLI (shortcut-cli) to perform actions like viewing, searching, and creating stories or epics. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to manually install the
shortcut-clitool via well-known package managers like Homebrew or NPM (npm install -g shortcut-cli). This follows safe practice by requiring manual user action for installation rather than auto-executing downloads. - [PROMPT_INJECTION]: The skill includes instructions to prioritize using this tool over generic web fetching when Shortcut URLs are encountered. This is a standard prompt engineering technique for tool selection and does not constitute a malicious override of safety guidelines.
- [DATA_EXFILTRATION]: While the skill handles API tokens for Shortcut authentication, it correctly instructs users to manage these via standard environment variables or interactive setup, following security best practices for credential management.
Audit Metadata