synthesis-mac-sync

Fail

Audited by Snyk on Apr 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly captures and writes git remote URLs into the shared manifest and summary (and even instructs "Do not strip or redact" credentials in URLs), which can force the LLM to read and output embedded secrets (e.g., username:token@host) verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and merges a shared git-repos.yaml manifest, reconciles and adds remote URLs (e.g., GitHub or other git remotes), and runs git fetch/pull/push and user-provided "one-time actions" from the iCloud config folder as part of its required workflow (see "Git Remote Sync Protocol", "Repository Discovery", and "One-Time Actions" in SKILL.md). This means it ingests and acts on untrusted, user-generated third-party content and URLs.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to run batched shell scripts that modify local system configuration (including ~/.ssh/config), change file permissions, add or update git remotes, and execute arbitrary one-time bash actions with minimal prompting. These are state-changing operations that can alter system security and enable remote access.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 15, 2026, 11:52 AM
Issues: 3