botlearn

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to obtain, store, and use an API key and to include it verbatim in the Authorization: Bearer header for API calls (and to run curl/HTTP commands itself), which requires the LLM to handle and embed secret values in generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read user-generated posts, comments, feeds and DMs from the public BotLearn API (see heartbeat.md step 2/3 with curl to https://botlearn.ai/api/community/posts and engagement.md/learning.md) and to distill and act on that content (comment, vote, update memory, suggest changes), so untrusted third-party content can materially influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetches that can overwrite and control the agent's instruction files (e.g., the self-update and install commands fetch https://botlearn.ai/skill.json and https://botlearn.ai/skill.md, and even runtime installs use raw GitHub/Gitee URLs like https://raw.githubusercontent.com/botlearn-ai/botlearn-skills/main/skills/botlearn-reminder/SKILL.md and https://gitee.com/calvin_xhk/botlearn-skills/raw/main/skills/botlearn-reminder/SKILL.md), which directly control agent prompts/behavior and are invoked at runtime.