evolve
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the eval command within scripts/cp2-verify-build.sh to dynamically run build and test commands (such as npm test, pytest, or cargo test) based on the detected project environment. This is a primary feature designed to ensure code quality through automated verification.
- [REMOTE_CODE_EXECUTION]: The installation process involves downloading a script from the author's GitHub repository (miles990/self-evolving-agent) and piping it directly to the shell. Additionally, the scripts/setup-skill-index.sh script downloads and executes the uv package manager installer from astral.sh, which is a well-known technology service.
- [EXTERNAL_DOWNLOADS]: The skill uses scripts/sync-skills.sh to download and index skill metadata from other repositories owned by the author (claude-software-skills and claude-domain-skills) to facilitate skill recommendations.
- [PROMPT_INJECTION]: The skill processes project files and memory logs, creating a potential surface for indirect prompt injection.
  - Ingestion points: Project source code files, .claude/memory/records, and user goals in the skills/01-core/_base/goal-analysis.md file.
  - Boundary markers: The skill employs Markdown headers, checklists, and YAML frontmatter to delineate instructions from external data.
  - Capability inventory: The skill possesses extensive capabilities including shell command execution, file system modification, and network operations via integrated tools.
  - Sanitization: Content from the ingested files is used directly within the agent's context without explicit sanitization or filtering logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/miles990/self-evolving-agent/main/install.sh - DO NOT USE without thorough review
Audit Metadata