mutation-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill creates a high-severity Indirect Prompt Injection surface by requiring agents to ingest untrusted data and perform write/execute operations.
    Evidence:
    1. Ingestion points: The skill processes source code (e.g., 'src/payment.ts'), 'coverageData', and 'mutationData'.
    2. Boundary markers: No explicit delimiters or instructions to disregard embedded instructions are provided for input data.
    3. Capability inventory: The skill utilizes shell command execution ('npx stryker') and automated file generation ('generateMissingTests').
    4. Sanitization: No sanitization or validation of the input data is described.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands such as 'npx stryker run' and 'npx stryker init', providing a direct pathway for running local code through the agent.
  • EXTERNAL_DOWNLOADS (LOW): Recommends installing '@stryker-mutator/core' and '@stryker-mutator/jest-runner' via npm. While these are legitimate developer tools, they represent external dependencies introduced into the environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:37 PM