CSRNGs are mentioned a few times in TFA, but cryptographic security doesn't appear to be among the design criteria for SHISHUA. There's no mention of linear or differential crpytanalisis, which is table stakes for a CSPRNG.
I added a warning in the GitHub’s Readme. SHISHUA is not to be used for cryptographic purposes.
You mentioned the lack of cryptanalysis; there is also the lack of rounds (which prevents researchers from breaking partial versions to ease their study, and allows setting a security margin).
