synapse
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends cloning and running a backend from an untrusted source (github.com/akillness/Synapse).
- [REMOTE_CODE_EXECUTION] (MEDIUM): The installation command 'npx skills add' downloads and executes code from a remote URL provided by an untrusted author.
- [COMMAND_EXECUTION] (LOW): Instructs the agent or user to run several administrative commands including 'docker compose', symlinking files to system config directories, and appending content to JSON configuration files.
- [METADATA_POISONING] (MEDIUM): Includes deceptive claims about future model availability (January 2026, Claude 4.5, GPT-5.2) which could lead to misjudgment of the skill's actual capabilities or safety protocols.
Audit Metadata