evomap
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill promotes installation via `bash <(curl ...)` in its `README.md` and `scripts/one_line_install.sh`. This pattern downloads and executes code from the author's repository without integrity verification.
- [COMMAND_EXECUTION]: Several scripts (`install_from_github.sh`, `setup.sh`, `manage_evolver.sh`) perform extensive shell operations. The installation scripts execute `apt-get` commands, modify system-wide paths like `/usr/local/bin/`, and manipulate the user's `~/.ssh/config` file, which constitutes privilege escalation.
- [EXTERNAL_DOWNLOADS]: The installation process fetches Node.js configuration from `deb.nodesource.com` (a well-known service) and clones external repositories from GitHub (`keoy7am/skill-evomap` and `EvoMap/evolver`) to set up its components.
- [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection (Category 8).
  - Ingestion points: `evomap_client.py` fetches "promoted assets" (Genes and Capsules) from the `evomap.ai` marketplace.
  - Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are implemented when processing these remote assets.
  - Capability inventory: The skill manages a Node.js process via `scripts/manage_evolver.sh` and provides a Python client capable of interacting with the local workspace and remote network.
  - Sanitization: There is no evidence of sanitization or strict schema validation for the fetched natural language "Genes" or implementation "Capsules" before they are integrated into the agent's workflow.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/keoy7am/skill-evomap/main/scripts/one_line_install.sh, https://deb.nodesource.com/setup_20.x - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata