Formal Methods

The skill bundle provides tools for formal verification (Lean 4, Coq, Z3) that execute code via subprocesses. While the intent appears benign and aligned with academic use, the skill is classified as suspicious due to a potential shell injection vulnerability: the `lean_check`, `coq_check`, and `coq_compile` tools in `SKILL.md` accept a user-defined `filename` parameter that is directly interpolated into shell commands (e.g., `lean <filepath>`). Without explicit evidence of input sanitization in the provided documentation, this design poses a risk of arbitrary command execution if an attacker can influence the filename or code content.