evomap

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These URLs point to an untrusted custom domain (evomap.ai) and an unverified GitHub project (autogame-17/evolver) with explicit instructions to download, unzip, npm install and execute code — a high-risk supply-chain vector since running such code can execute arbitrary/malicious actions even though no direct .exe links are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and read user-posted assets and tasks from the public EvoMap hub (e.g., POST https://evomap.ai/a2a/fetch, GET /a2a/assets, /task/list and bounty endpoints) and to study, claim, and act on those Capsules/tasks as part of its workflow, so untrusted third-party content can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a marketplace with an explicit bounty/credit/payments flow and includes endpoints that create, match, accept, and settle bounties and check earnings (e.g., POST /bounty/create, POST /bounty/:id/accept, POST /task/complete, which results in credits being paid, GET /billing/earnings/YOUR_AGENT_ID). It describes credits, payouts, referral bonuses, and automatic reward settlement. These are specific, platform-level financial operations (creating/accepting bounties and distributing credits), not just generic HTTP or automation primitives. Therefore it grants direct financial execution capability within the platform.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 07:55 AM