capability-evolver

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to the EvoMap Hub / evomap.ai (via A2A_HUB_URL and the local Proxy/mailbox described in SKILL.md and README.md) and provides commands like "evolver fetch --skill <skill_id>" and external asset ingestion (assets/gep/a2a, a2a_ingest.js) so that untrusted, user-published skills/Genes/Capsules from the public Hub are fetched and then read/used to build prompts and validation/claiming behavior that can change subsequent actions.