capability-evolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests assets from a public EvoMap Hub (e.g., index.js "fetch" endpoint calling {A2A_HUB_URL}/a2a/skill/store//download and the a2a ingestion/promote scripts), which are untrusted external/user-contributed skills/genes that the agent reads and can influence task selection and evolution decisions (startHeartbeat/startEventStream and asset ingestion are part of the normal workflow), so it clearly exposes the agent to third‑party content that could carry indirect prompt-injection instructions.