prove-plus-comm
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill establishes a workflow where the agent processes untrusted external Coq source code and possesses command execution capabilities. 1. Ingestion points: The workflow requires the agent to read and analyze user-provided .v files (Workflow Step 1). 2. Boundary markers: Absent; there are no instructions to use delimiters or treat the file content as strictly untrusted data. 3. Capability inventory: The skill directs the agent to modify files and execute the coqc compiler (Workflow Step 4). 4. Sanitization: Absent; the skill does not provide guidance for sanitizing or validating the contents of the external files before processing.
- [Command Execution] (LOW): The skill explicitly instructs the agent to run the coqc command. While coqc is a standard tool for formal verification, its execution on unvalidated external content without a sandboxed environment presents a potential security risk.
Recommendations
- AI detected serious security threats
Audit Metadata