Experience Manager
Pass
Audited by VirusTotal on Apr 9, 2026.
Findings (1)
The skill bundle implements a system for agents to 'learn' by downloading ZIP packages from a remote hub (expericehub.com) and appending the content to core behavioral files like SOUL.md and AGENTS.md. This mechanism facilitates persistent remote prompt injection, as any content in the downloaded 'experience' becomes part of the agent's core instructions. The domain used throughout the scripts, 'expericehub.com' (missing the 'n'), is a significant red flag for typosquatting or a non-standard endpoint. While the code in learn.mjs and publish.mjs performs its stated purpose and includes a dry-run/confirmation step, the architectural design allows for remote takeover of agent behavior via untrusted third-party content.
