lean4-theorem-proving
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill documentation references the use of 'lake build' and various automation scripts located in a scripts directory. These are standard tools for Lean 4 development and are essential for the skill's primary purpose.
- PROMPT_INJECTION (LOW): Identifies a surface for indirect prompt injection within the 'Compiler-Guided Proof Repair' workflow. This workflow ingests untrusted data and possesses exploitable capabilities.
- Ingestion points: Processes external .lean source files and compiler error messages which could contain malicious instructions.
- Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings for the input Lean code are mentioned in this file.
- Capability inventory: The workflow allows for file patching (writing to .lean files) and repeated execution of the build system (lake build).
- Sanitization: No explicit sanitization or validation of the input Lean code or compiler strings is described.
- DYNAMIC_EXECUTION (LOW): The skill describes a process of generating code patches and recompiling them at runtime. While this is a form of dynamic code generation and execution, it is the primary purpose of the theorem-proving assistant and is considered acceptable in this context.
Audit Metadata