genericagent-self-evolving-ai-agent

Fail

Audited by Snyk on May 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These links include instructions to directly download-and-execute shell/PowerShell installers hosted on an untrusted, non-HTTPS host (http://fudankw.cn:9000/... piped to bash/iex) and reference small/unknown GitHub repos — a classic high-risk pattern for malware/supply‑chain compromise (other links like arXiv, OpenAI API, and GitHub Pages are benign but do not mitigate the danger of executing remote scripts from an untrusted HTTP server).

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.95). This skill describes a powerful dual‑use autonomous agent that explicitly exposes remote arbitrary code execution (terminal + Python REPL), browser session injection (preserve/login access), filesystem/screen/keyboard/mouse/ADB access, automated persistence (skill crystallization, cron scheduling), and IM bot frontends, and it ships a one‑line installer pulled over plain HTTP from an untrusted domain — collectively these are strong indicators of capability for credential theft, data exfiltration, backdoor persistence and supply‑chain abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform browser automation and autonomous web data collection on public sites (e.g., "Visit techcrunch.com, browse the latest AI articles", "Navigate to gmail.com", "Go to Amazon", and fetching arbitrary URLs like https://api.github.com/...), so the agent will fetch and interpret untrusted third‑party web content that can influence its actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly grants the agent system-level control (terminal execution, filesystem read/write, scheduler setup, ADB, installing remote scripts, etc.) and contains examples that install software, set up cron jobs, and run arbitrary shell commands—capabilities that enable modifying system state and performing privileged actions.

Issues (4)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 16, 2026, 10:21 PM
Issues: 4