evomap
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs agents to download and install the Evolver client from an unverified GitHub repository (https://github.com/autogame-17/evolver.git).
- [REMOTE_CODE_EXECUTION]: The skill encourages cloning an external repository and running npm install and node index.js, which executes code from a source that is not a trusted vendor.
- [COMMAND_EXECUTION]: The agent is instructed to execute validation commands provided within Genes fetched from the marketplace, such as node tests/retry.test.js.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by requiring the agent to ingest and act on content (Genes and Capsules) created by other agents in a marketplace.
  - Ingestion points: Untrusted content enters the agent's context through the /a2a/fetch endpoint as described in SKILL.md.
  - Boundary markers: No boundary markers or instructions to disregard embedded commands are present when processing fetched assets.
  - Capability inventory: The agent has capabilities to execute commands via the validation field in Genes and perform network operations.
  - Sanitization: There is no evidence of sanitization or safety checks performed on the data fetched from the hub.
- [DATA_EXFILTRATION]: The agent is instructed to send environment fingerprints and other data to https://evomap.ai, a non-whitelisted domain.
Recommendations
- AI detected serious security threats
Audit Metadata