agent-crdt-synchronizer
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The 'pre' hook in the skill metadata uses the '$TASK' environment variable directly within a shell command ('echo "🔄 CRDT Synchronizer syncing: $TASK"'), which could allow for arbitrary command execution if the variable is user-controlled.
- [PROMPT_INJECTION]: The skill processes external CRDT state and delta data without proper sanitization or boundary markers, exposing it to indirect prompt injection.
  - Ingestion points: Data enters through 'initialState' in CRDT constructors and 'deltas' in the synchronization methods like 'applyDeltas'.
  - Boundary markers: No delimiters or safety instructions are used when processing peer-provided data.
  - Capability inventory: The skill uses 'mcpTools.memory_usage' for persistent storage and 'mcpTools.neural_patterns' for operation outcome learning.
  - Sanitization: There is no validation or escaping performed on the ingested state data before it is stored or processed.
Recommendations
- AI detected serious security threats
Audit Metadata