evolution

Fail

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute an external installation script from a remote GitHub repository using a curl | bash command chain. This pattern allows for the execution of arbitrary, unverified code from an external source.
  • [COMMAND_EXECUTION]: The skill installs and configures several shell scripts as hooks in the .claude/hooks/ directory. These scripts are automatically executed in response to user prompts and tool usage events, leading to unvetted background command execution.
  • [PROMPT_INJECTION]: In the 'Self-Correction' section, the skill provides instructions for the AI to 'AUTO: Correct skill immediately' when it identifies errors. This encourages the agent to bypass user review and autonomously modify its own instruction set.
  • [DATA_EXFILTRATION]: The skill logic includes automatic ingestion of project metadata from files like Cargo.toml and Cargo.lock. While intended for version detection, this provides a mechanism for scanning and processing local project configurations without explicit user intent for each file read.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: May 1, 2026, 11:01 AM