Back to skill

Security audit

Shortcuts Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Apple Shortcuts generator, but generated shortcuts can still be powerful and should be reviewed before import or execution.

Install only if you want an agent to generate Apple Shortcuts files. Before importing or running any generated shortcut, inspect actions that delete data, run shell or AppleScript, use Apple Intelligence, access photos/files/location/contacts/clipboard, send messages, make network requests, change system settings, or run other shortcuts. Add confirmation or preview steps for destructive automations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation enumerates many destructive and state-changing AppIntent actions such as deleting alarms, notes folders, calendars, voice memos, toggling system settings, and running shortcuts, but it does not warn users or downstream agents that these actions can alter device state, delete data, or trigger further automation. In a skill specifically designed to generate executable Shortcuts plist content, this omission increases the chance that an agent will generate harmful automations without surfacing risk or requiring confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The AI Query example collects free-form user input and sends it to Apple Intelligence, but the documentation does not explicitly warn that entered content will be transmitted to an external AI processing system. This can cause unintended disclosure of sensitive personal or enterprise data because users may assume the shortcut is purely local.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The Weather + AI example forwards weather-derived context to Apple Intelligence without documenting that this data leaves the local shortcut execution context for AI processing. While weather data is often less sensitive than direct user input, it may still reveal location-related or contextual information and users are not given informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes a ready-to-use DeletePhotos example that wires filtered photo results directly into a destructive deletion action, but it provides no warning, confirmation step, or guidance on safe use. In a skill whose purpose is to generate Shortcut plist files, this can enable users or downstream agents to create shortcuts that silently perform irreversible or hard-to-recover bulk deletions.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to write a `.shortcut` file and execute `shortcuts sign`, which causes local filesystem modification and shell execution. While this is core to the skill's purpose, the lack of an explicit warning or consent boundary can lead to unintended side effects if invoked without clearly informing the user.

Session Persistence

Medium
Category
Rogue Agent
Content
3. **Build action array** - Create each action dictionary with identifier and parameters
4. **Wire variable references** - Connect outputs to inputs using `OutputUUID`
5. **Wrap in plist** - Add the root structure with icon, name, version
6. **Write to file** - Save as `.shortcut` (XML plist format is fine)
7. **Sign** - Run `shortcuts sign` to make it importable

## Key Rules
Confidence
89% confidence
Finding
plist

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.