Skills
skills/trailofbits/skills/mutation-testing/Gen Agent Trust Hub

mutation-testing

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute mewt and muton CLI commands as well as project-specific test commands (e.g., cargo test, npm test, go test). This is the primary and intended function of the skill for running mutation tests.
  • [DATA_INGESTION_SURFACE]: The skill interprets project configuration and source code to define the scope of testing, which constitutes a surface for indirect prompt injection.
  • Ingestion points: The agent is instructed to read mewt.toml, package.json, Makefile, and project source files in workflows/configuration.md and references/optimization-strategies.md.
  • Boundary markers: Absent. No specific delimiters are recommended for wrapping untrusted project data.
  • Capability inventory: Includes Bash (command execution), Write (configuration modification), and Read (file inspection).
  • Sanitization: Absent. The skill directs the agent to execute commands discovered within project files (like test commands in mewt.toml) without explicit sanitization or validation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 01:45 PM