botlearn-reminder
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were detected. The skill operates within its intended functionality for tutorial reminders.
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts (check-progress.sh, fetch-quickstart.sh, and update-progress.sh) which execute Node.js code via heredocs to manage tutorial state and extract text from HTML. These scripts are bundled with the skill and do not execute external or user-provided code.
- [EXTERNAL_DOWNLOADS]: The skill fetches tutorial content from the official vendor domain (https://botlearn.ai). These requests are validated within the fetch script to ensure only quickstart pages are retrieved, and they are performed using curl with a custom user-agent.
Audit Metadata