Trust Assessment
shortcuts-generator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via 'shortcuts sign' arguments, Excessive 'Bash' permission declared, Potential Data Exfiltration via 'Write'/'Bash' and URL actions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via 'shortcuts sign' arguments The skill declares 'Bash' permission and its documentation explicitly shows the use of the 'shortcuts sign' command. If the skill constructs the '--input' or '--output' arguments for this command using unsanitized user input, an attacker could inject arbitrary shell commands, leading to remote code execution on the host system. Ensure all arguments passed to 'shortcuts sign' (especially file paths) are strictly validated and sanitized to prevent shell metacharacter injection. Consider using a safer method for executing external commands if available, or escaping arguments properly. | LLM | SKILL.md:108 | |
| HIGH | Excessive 'Bash' permission declared The skill declares 'Bash' permission, which allows arbitrary command execution on the host system. While the 'SKILL.md' indicates its use for 'shortcuts sign', this permission is highly privileged and poses a significant risk if the skill's command construction or execution is vulnerable to injection, or if the skill is otherwise compromised. This grants broad access beyond typical skill requirements. Re-evaluate if 'Bash' permission is absolutely necessary. If so, ensure all command executions are strictly controlled, arguments are sanitized, and consider sandboxing the execution environment. If only 'shortcuts sign' is needed, explore if there's a more granular tool or API that can be exposed instead of full 'Bash' access. | LLM | Manifest:1 | |
| HIGH | Potential Data Exfiltration via 'Write'/'Bash' and URL actions The skill has 'Write' and 'Bash' permissions, and its documentation highlights actions like 'is.workflow.actions.downloadurl' and 'is.workflow.actions.openurl'. If the skill constructs file paths for writing or 'Bash' commands, or URLs for network requests, using unsanitized user input, an attacker could craft malicious inputs to read local files (via 'Bash') or send sensitive data to external servers. Implement strict input validation and sanitization for all user-provided data that influences file paths, command arguments, or URLs. Restrict network access to approved domains if possible. Ensure 'Bash' commands do not expose sensitive file contents. | LLM | SKILL.md:76 |
Scan History
Embed Code
[](https://skillshield.io/report/f7105e81da8e2e19)
Powered by SkillShield