prove-it
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill authorizes system interpreters including python, node, and bash, and explicitly instructs the agent to run code using dynamic execution flags like '-c' and '-e'. This provides a direct path for arbitrary command execution.
- [REMOTE_CODE_EXECUTION] (HIGH): Tools such as npm, cargo, and go are permitted, which allow the agent to download and execute untrusted remote packages during build and verification steps.
- [DATA_EXFILTRATION] (MEDIUM): The skill suggests using curl for integration testing (Pattern 4). When combined with the agent's ability to read local files via cat or file:read, this facilitates the exfiltration of sensitive information to external servers.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: reads files via 'file:read', 'cat', and 'grep' (SKILL.md). 2. Boundary markers: absent; no instructions are provided to distinguish generated code from potentially malicious code read from external files. 3. Capability inventory: comprehensive execution power via 'bash', 'python', 'node', and 'make' (SKILL.md). 4. Sanitization: absent; the agent is encouraged to execute found code immediately to provide proof of correctness.
Recommendations
- AI detected serious security threats
Audit Metadata