capability-evolver

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the package includes obfuscated core modules, installs runtime hooks that collect and transmit local session/diff data to a remote Hub, and executes externally-provided "validation" commands (allowed to start with node/npm/npx) — together these provide clear vectors for covert data exfiltration and remote code execution/backdoor promotion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md/README explicitly describe optional Hub integration with EvoMap (https://evomap.ai), the Skill Store (evolver fetch --skill <id>), mailbox APIs that poll/receive task_available and asset messages, and A2A asset ingestion scripts—all of which fetch and ingest user-contributed Hub/Skill assets and tasks that the agent is expected to read and act on, so untrusted third‑party content can materially influence agent decisions and tool use.