prove
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill contains a piped remote execution pattern:
  curl https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh -sSf | sh
  This executes unverified code directly from the internet. The source organization 'leanprover' is not listed in the Trusted External Sources list, and the execution method is a high-risk security anti-pattern.
- COMMAND_EXECUTION (HIGH): The skill leverages the Bash tool for broad system-level operations, including software installation and managing complex environments. When combined with the execution of untrusted remote scripts, this provides a significant vector for system compromise.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: Untrusted data enters the agent context through WebSearch, WebFetch, and loogle-search results.
  2. Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore embedded commands within the fetched content.
  3. Capability inventory: The skill possesses dangerous capabilities including Bash (command execution), Write (file modification), and WebFetch (network access).
  4. Sanitization: Absent; external content is interpolated directly into the 5-phase workflow without validation or escaping.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata