synthesis-mac-sync
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to access and synchronize highly sensitive files, specifically mentioning SSH configurations (~/.ssh/config) and API key storage (.config/app/keys.yaml).
- [COMMAND_EXECUTION]: The skill utilizes several system commands including 'scutil' for machine identification, 'find' for directory traversal, and 'stat' for file metadata analysis.
- [REMOTE_CODE_EXECUTION]: The 'One-Time Actions' feature enables the agent to read and execute arbitrary Bash code blocks from a configuration file stored in iCloud. This creates a mechanism for remote code execution based on external data.
- [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection as it is instructed to process and follow commands ('One-Time Actions') embedded in external markdown files.
- Ingestion points: The primary ingestion point is the README.md configuration file located in the user's iCloud sync folder.
- Boundary markers: None; the agent is directed to parse and execute blocks directly from the file content without safety delimiters.
- Capability inventory: Includes the ability to execute arbitrary shell commands, perform file system operations (copy, change permissions), and interact with Git repositories.
- Sanitization: No sanitization or validation logic is defined for the commands extracted from the external configuration file.
Audit Metadata