synapse-a2a

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests open-web content and remote agent responses (e.g., "synapse canvas link "https://example.com/article\"" which "fetches Open Graph metadata" and the external-agent workflow "synapse external add https://agent.example.com" / synapse external send myagent ...), meaning arbitrary third-party pages and external agents' replies can be read and acted on by agents and thus could deliver indirect prompt-injection instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly encourages passing automation flags such as --dangerously-skip-permissions, --approval-mode=yolo, and --allow-all-tools to spawn agents that auto-approve and bypass permission checks, which directly promotes circumventing security mechanisms and enables agents to run unattended with escalated capabilities.