capability-evolver

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.85). The repo contains multiple high-risk, backdoor-like patterns: an obfuscated a2aProtocol module, persistent host-integration hooks that copy/execute scripts into user runtime config and capture git diffs, logic that posts diffs and session outcomes to a remote Hub using node secrets/Authorization headers, and opt-in auto-purchasing/merchant features that can cause outbound transactions — together these enable easy, covert exfiltration of code/secrets and remote influence when connected to an untrusted Hub.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md/README explicitly describe optional Hub integration with EvoMap (https://evomap.ai), the Skill Store (evolver fetch --skill <id>), mailbox APIs that poll/receive task_available and asset messages, and A2A asset ingestion scripts—all of which fetch and ingest user-contributed Hub/Skill assets and tasks that the agent is expected to read and act on, so untrusted third‑party content can materially influence agent decisions and tool use.