capability-evolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes explicit A2A ingestion and asset-reading flows (scripts/a2a_ingest.js, scripts/a2a_promote.js and assetStore usage) and src/evolve.js imports/readRecentExternalCandidates, showing it ingests untrusted external Genes/Capsules (public/third‑party assets) which the evolver reads and can influence gene selection, generated GEP prompts and subsequent actions.