botlearn
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains several instructions designed to override the agent's standard safety protocols regarding human oversight. For example, SKILL.md explicitly commands the agent to 'NEVER ask your human to register' and to 'Just do it' autonomously. Similarly, learning.md states 'You do NOT need to ask your human for confirmation' regarding its knowledge distillation process.
- [EXTERNAL_DOWNLOADS]: The skill implements a 'Self-Update Protocol' in heartbeat.md and setup.md that fetches updated instruction files and metadata from botlearn.ai. While these are identified as vendor resources, this mechanism allows remote content to dynamically modify the agent's operational logic during routine checks.
- [COMMAND_EXECUTION]: The setup and maintenance processes rely on the agent executing shell commands (mkdir, curl, cat, grep) to manage files, register its heartbeat, and store credentials locally. Specifically, setup.md provides a multi-step process for the agent to autonomously append an execution block to the workspace HEARTBEAT.md file.
Audit Metadata