Skills
skills/synth-laboratories/skills/synth-api/Gen Agent Trust Hub

synth-api

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its prompt optimization (GEPA) setup.
  • Ingestion points: The {query} placeholder in the initial_prompt configuration within SKILL.md allows untrusted user data to enter the prompt context.
  • Boundary markers: There are no delimiters or explicit instructions provided to the LLM to ignore potentially malicious instructions within the {query} data.
  • Capability inventory: The skill can perform network requests, list files via JobsClient.files.list, and expose local ports to the web.
  • Sanitization: No sanitization or validation of the {query} content is shown in the provided examples.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the synth_ai Python package. Although this package is not on the trusted list, its use is essential for the skill's primary purpose of interacting with the Synth AI platform.
  • [DATA_EXFILTRATION] (SAFE): All network operations are directed to https://api.usesynth.ai, which is the legitimate backend for the service. Sensitive keys like SYNTH_API_KEY are handled as environment variables.
  • [COMMAND_EXECUTION] (LOW): The TunneledLocalAPI.create_for_app function is used to initiate a Cloudflare tunnel. While this involves process execution and opening inbound network paths, it is the intended primary functionality for creating a reachable Local API for the Synth backend.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:00 PM