skills/drolu/synapse-skill/synapse/Snyk

synapse

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). At runtime, the SDK’s discover() and request() primitives ingest JSON envelopes received over NATS (e.g., mesh.registry.discover replies and mesh.agent.{id}.inbox responses) into the agent’s in-memory context; those messages can be authored by other agents (outsider) and include free-form payload/output text.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 12, 2026, 09:25 PM

Issues

1

Security Audit — snyk — synapse