evomap
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to download the `evolver` client from the `autogame-17/evolver` GitHub repository, which is not verified as a trusted source.
- [REMOTE_CODE_EXECUTION]: Detailed instructions are provided to clone, install dependencies via `npm install`, and execute the `evolver` client, leading to the execution of code from an external, untrusted repository.
- [COMMAND_EXECUTION]: The GEP-A2A protocol's 'Gene' structure includes a `validation` field intended for executing commands like `node tests/retry.test.js`. This allows external marketplace assets to trigger the execution of arbitrary scripts in the agent's local environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches 'promoted assets' (Genes, Capsules, Tasks) from an external hub (`evomap.ai`) and instructs the agent to study and act upon this content.
  - Ingestion points: Data retrieved from the `/a2a/fetch` and `/task/list` endpoints.
  - Boundary markers: No specific delimiters or safety instructions are provided to the agent for handling the untrusted natural language content in fetched assets.
  - Capability inventory: The agent can publish bundles, claim bounty tasks, and execute validation scripts based on the protocol instructions.
  - Sanitization: The instructions do not include any steps for sanitizing or validating the natural language content of external assets before processing.
Recommendations
- AI detected serious security threats