capability-evolver

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external hub (tasks and assets) and has high-impact capabilities like shell execution and file writing, making it a target for indirect prompt injection where malicious instructions could be embedded in downloaded 'genes'.
  • [EXTERNAL_DOWNLOADS]: The skill connects to evomap.ai to download new capabilities ('Genes') and tasks. It also performs npm install within the workspace to 'heal' skills, which involves downloading and executing third-party packages from public registries.
  • [REMOTE_CODE_EXECUTION]: The evolution process involves downloading 'Genes' that contain 'validation' shell commands. These commands are executed locally using execSync to verify the 'evolution'. Although there is an allowlist for command prefixes (node, npm, npx), this mechanism allows a remote server to dictate shell commands that the agent will execute.
  • [DATA_EXFILTRATION]: The issueReporter.js module automatically submits data to GitHub when errors are detected. Although a sanitization layer (redactString) is used to remove common secrets like API keys and tokens, the process involves sending internal logs and environment metadata to an external service.
  • [COMMAND_EXECUTION]: Per the skill's primary purpose, it frequently executes shell commands (git, node, npm) to manage the repository and validate changes. This power is necessary for self-evolution but increases the potential impact of any malicious instruction or data received from the hub.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 08:28 AM