skills/workersio/skills/axiom-verify/Gen Agent Trust Hub

axiom-verify

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the axiom-axle Python package via pip if it is not already installed in the environment.
  • [COMMAND_EXECUTION]: The skill relies on executing various shell commands, including the axle CLI for local file operations, curl for communicating with the remote API, and jq for parsing response data. It also suggests using sed to sanitize Lean files before submission.
  • [DATA_EXFILTRATION]: Lean source code, which may contain proprietary or sensitive mathematical logic, is sent to the external endpoint axle.axiommath.ai for compilation and analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted Lean code from user-provided files and processes diagnostic messages returned by the API. If these inputs contain malicious instructions, they could influence the agent's behavior.
    • Ingestion points: Lean source files (.lean) specified by the user; JSON responses from the Axle API.
    • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between code/data and potential instructions within these inputs.
    • Capability inventory: The skill possesses shell execution capabilities (axle, curl, jq, sed) and network access.
    • Sanitization: No sanitization or validation of the input code or API responses is performed to filter out natural language instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 05:05 PM