mutation-testing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a vendor-provided local script
java/scripts/check-pitest-readiness.shto verify system configuration. - [COMMAND_EXECUTION]: The skill uses the local Gradle wrapper
./gradlewto execute thepitesttask, which involves running project-level build code. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) during the result analysis phase.
- Ingestion points: The agent is instructed to read and analyze mutation testing reports located at
build/reports/pitest/index.html. - Boundary markers: No explicit instructions or delimiters are used to prevent the agent from following potential instructions embedded within test failure messages or report data.
- Capability inventory: Subprocess execution via
bashand./gradlewacross the skill's scripts. - Sanitization: No sanitization or filtering of the Pitest report content is described before analysis.
Audit Metadata