synapse-a2a

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill functions as a message broker between agents, which is a surface for indirect prompt injection where untrusted data could influence agent behavior.
    • Ingestion points: Message content in synapse send, reply, memory, and external agent responses (SKILL.md, references/messaging.md).
    • Boundary markers: Messages are prefixed with A2A: and may include [REPLY EXPECTED] markers (references/messaging.md).
    • Capability inventory: Includes shell command execution through spawn and team start, along with file/database writes for task and memory management (references/commands.md).
    • Sanitization: No evidence of content sanitization or instruction filtering for relayed messages is documented.
  • [EXTERNAL_DOWNLOADS]: The synapse skills add command allows users to download and install skills from any remote repository using npx, which could lead to the execution of untrusted code.
  • [COMMAND_EXECUTION]: Provides documentation and CLI support for executing underlying agent tools with flags that bypass safety confirmations, such as --dangerously-skip-permissions or --approval-mode=yolo (references/spawning.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 07:33 AM