evolution

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides a command to download and execute a remote script directly using curl -fsSL https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh | bash. This represents a critical vulnerability because it executes unverified code from an untrusted third-party repository.
  • [COMMAND_EXECUTION]: The skill configures environment hooks in .claude/settings.json that trigger the automatic execution of shell scripts (e.g., makepad-skill-router.sh, pre-tool.sh) during the agent's prompt submission and tool usage phases. This creates a mechanism for persistent and automated command execution.
  • [EXTERNAL_DOWNLOADS]: Resources are fetched from an external repository (ZhangHanDong/makepad-skills) that is not included in the trusted vendors list and is not associated with the stated author context (sickn33).
  • [PROMPT_INJECTION]: The 'Self-Evolution' and 'Self-Correction' features create an indirect prompt injection surface by instructing the agent to modify its own skill files based on session interactions and user-provided patterns.
      • Ingestion points: Data enters the system via user prompts and tool outputs during development and troubleshooting.
      • Boundary markers: There are no boundary markers or instructions to disregard embedded commands when the agent processes this data.
      • Capability inventory: The agent is granted capabilities to write to the file system and execute Git operations to persist these modifications.
      • Sanitization: The skill lacks logic to validate or sanitize external content before it is incorporated into the agent's core instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 13, 2026, 06:30 PM