Critical LocalStorage Injection Flaw in Zustand Store Exposes depthOS to Malicious Workspace Data

A critical data injection vulnerability has been identified in the Zustand persist middleware used by depthOS, potentially allowing attackers to inject malicious workspace data through unvalidated localStorage reads. The flaw, located in `src/stores/depthOSStore.ts` (lines 612-644), stems from the middleware loading persisted state directly from localStorage without applying any schema validation. This means that data written to localStorage by an attacker can be deserialized and used by the application without verification, creating a direct vector for injecting arbitrary workspace configurations.

The vulnerability exists in the persist middleware's current behavior: it performs no input validation or type checking on retrieved localStorage data before hydrating the application state. Unlike a properly guarded data flow, which would validate incoming data against an expected schema, this implementation trusts the localStorage contents implicitly. The code at lines 612-644 processes whatever data exists under the relevant storage keys, including data that may have been planted or modified by malicious actors. Without schema enforcement, malformed or hostile payloads can reach downstream consumers of the store, raising the risk of unexpected behavior, data corruption, or exploitation depending on how the workspace data is used.

Security researchers have flagged this as a critical-priority issue and recommend implementing Zod schema validation for all persisted state before hydration. Adding a validation layer would reject non-conforming data at the point of retrieval, preventing injected payloads from entering the application's state management pipeline. Organizations using the affected depthOS store should audit localStorage interactions and consider applying schema validation as a defensive measure. The absence of such validation represents a systemic gap in the trust boundary between client-side storage and application state, particularly concerning in environments where multiple workspaces or user-generated content are involved.