Is this shortcut really something that needs frequent updating enough to warrant automatically installing changes to it
It’s not about the frequency, it’s about whether it might ever need updating at all. Which it already has.
How can we know that you won’t replace your shortcut content with something malicious?
How do you know that any shortcut author won’t put malicious content into any update, ever? All this does is automatically allow you to download the new version. It doesn’t—and can’t—change anything in the existing shortcut.
Creating an HTML document also seems sketchy and overkill.
I tried hard not to have to include that, but it was the only way to make it open longer text blocks in the Pleco document reader, which was a requested feature. I swiped that code from another shortcut that had been posted on these forums. More info here:
https://www.plecoforums.com/threads/is-there-a-way-to-look-up-selected-text-in-pleco.6899/
Does Apple prevent scripts from running in HTML documents within a shortcut?
You can’t execute Javascript in Shortcuts without an extension such as Scriptable.
Regardless, you can easily look and see that there are no scripts. It’s not like someone can go insert Javascript into a shortcut that happens to have HTML into it.
Besides, the shortcut doesn’t
execute the HTML, it just changes it to rich text and opens it in Pleco.
I was able to create a shortcut that grabs selected text, copies to the clipboard and opens Pleco without 34 steps.
That…doesn’t seem to open the text in Pleco, just copy it and open Pleco, so you then have to paste it. Which I guess saves a couple of steps, but is hardly as handy as selecting text and having it just show up in Pleco.
I mean, do what you want, of course, but if you’re worried about it checking for updates, just delete the “If Current IP Address” subroutine.
Odd that people here seem to be suspicious about the update checker, when those on the Obsidian forums have not mentioned it at all for my other shortcut.