proof
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read the content of local markdown documents and upload them to the Proof web API at www.proofeditor.ai. This behavior is the central purpose of the skill, facilitating document sharing and collaborative review.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute `curl` for API interactions, `jq` for data processing, and filesystem commands like `mv` and `mktemp` to perform atomic updates to local markdown files during the synchronization process.
- [PROMPT_INJECTION]: The Human-in-the-Loop (HITL) review mode introduces a surface for indirect prompt injection by processing untrusted data from an external source.
  - Ingestion points: Feedback is ingested from the Proof Web API via the `GET /api/agent/{slug}/state` endpoint (referenced in `references/hitl-review.md`).
  - Boundary markers: The skill does not implement explicit boundary markers or delimiters when interpreting document comments or suggestions.
  - Capability inventory: The agent possesses the capability to modify the local filesystem (`Write` tool, `mv` command) and execute network requests (`WebFetch`, `curl`).
  - Sanitization: There is no explicit sanitization logic; the agent is instructed to "decide how to respond" and is encouraged to apply fixes directly based on its interpretation of the feedback.
Audit Metadata