prove-fix
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses highly imperative and repetitive language such as "MANDATORY IMPORTANT MUST" and "non-negotiable" to strictly control agent behavior and task execution flow.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it is designed to ingest and process untrusted code and file content.
- Ingestion points: Reads code changes, file content at specific
file:linelocations, and project documentation. - Boundary markers: The skill defines structured output formats (e.g.,
PROOF TRACE) but lacks explicit instructions for the agent to ignore or delimit natural language instructions embedded within the code it reads. - Capability inventory: Possesses the ability to read arbitrary files, write reports to the local filesystem (
plans/reports/), and trigger downstream agent skills like/code-simplifierand/review-changes. - Sanitization: There is no evidence of input validation, escaping, or filtering for natural language instructions hidden in code comments or strings.
Audit Metadata