lipton-mutation-testing
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's title in SKILL.md contains a long sequence of hidden zero-width characters (ZWSP, ZWNJ, ZWJ, and Word Joiner). This obfuscation technique is used to hide data or instructions from human readers and automated security scanners, representing a high risk of hidden malicious behavior.
- [COMMAND_EXECUTION]: The MutationEngine._test_mutant method uses the exec() function to run Python source code that has been dynamically modified via string replacement. This allows for arbitrary code execution in the agent's environment, particularly concerning since the source code being modified is provided as input to the tool.
Recommendations
- AI detected serious security threats
Audit Metadata