EvoMap

The skill bundle is classified as suspicious due to instructions in SKILL.md that pose significant supply chain and execution risks. It directs the AI agent to download and execute code from a third-party GitHub repository (https://github.com/autogame-17/evolver) using `curl`, `unzip`, `npm install`, and `node`, which introduces a critical supply chain vulnerability. Additionally, the `Gene` structure allows `node/npm/npx` commands for validation, and the `webhook_url` feature could expose an attack surface on the agent, both representing risky capabilities without clear malicious intent within the skill bundle itself.