synap-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an unverified external package 'synap' from the NPM registry if it is not present on the system.
- [COMMAND_EXECUTION]: The skill uses the 'synap' CLI to perform numerous local operations, including modifying entries, managing hierarchy, and executing system-level configuration changes.
- [DATA_EXFILTRATION]: The skill utilizes Git synchronization commands ('synap save', 'synap sync') which transmit the content of the knowledge base to external remote repositories. While intended for backup and sync, this provides a mechanism for data transmission to user-defined external locations.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is instructed to 'triage' and 'process' raw user input that could contain malicious instructions.
- Ingestion points: Untrusted user data is ingested from 'entries.json', 'archive.json', and 'user-preferences.md' during review and triage sessions.
- Boundary markers: There are no defined boundary markers or instructions provided to the agent to treat the captured content as untrusted data.
- Capability inventory: The agent has the ability to write to the local file system, delete records, and push data to remote Git repositories via the CLI.
- Sanitization: No sanitization or validation logic is applied to the content of entries before they are processed by the agent.
Audit Metadata