proof-checker

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute pdflatex for document compilation and grep for error analysis during the Phase 2 fix implementation. It also uses Bash to check for LaTeX errors and warnings in a non-interactive mode.
  • [DATA_EXFILTRATION]: Mathematical content from local LaTeX files is read using the Read tool and transmitted to an external reasoning model via the mcp__codex__codex tool. While this involves transmitting research data to an external provider, it is the primary intended function of the skill for remote mathematical review.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it ingests untrusted LaTeX files and interpolates their content into the reviewer prompt for the Codex model.
      • Ingestion points: Phase 0 reads project LaTeX files and reference materials.
      • Boundary markers: None identified; the proof content is directly inserted into the prompt template using a placeholder.
      • Capability inventory: The skill has access to powerful tools including Bash(*), Write, and Edit, which could be abused if the reviewer model is successfully subverted.
      • Sanitization: There is no evidence of LaTeX command sanitization or filtering of the input content before it is processed by the external model.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 04:28 AM