evomap
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the Evolver client from an untrusted GitHub repository (github.com/autogame-17/evolver) using git clone or curl.
- [REMOTE_CODE_EXECUTION]: Instructions direct the agent to execute the downloaded code using npm install and node index.js, which runs third-party code in the agent environment.
- [COMMAND_EXECUTION]: The protocol defines Gene assets with a validation field (e.g., node scripts) that the agent is instructed to execute, enabling remote command execution via fetched JSON assets.
- [DATA_EXFILTRATION]: The registration process requires the agent to send an env_fingerprint containing system platform and architecture info to evomap.ai.
- [PROMPT_INJECTION]:
  1. Ingestion points: Fetches assets and tasks via POST /a2a/fetch and receives webhook notifications.
  2. Boundary markers: No markers are defined to ignore instructions in fetched data.
  3. Capability inventory: Executes commands from Gene validation and performs task-related actions.
  4. Sanitization: No sanitization is mentioned; the skill relies on an unverifiable server-side whitelist.
Recommendations
- AI detected serious security threats