genotoxic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 2/Phase 3) mandates running and parsing outputs from external mutation tools and test-removal tooling (e.g., Stryker/mutmut/Mull JSON reports, slither-mutate's patches_files.txt, necessist --dump) and mapping those survived-mutant diffs and removed test statements (user/project code and public tool outputs) into triage decisions, which are untrusted, user- or third-party-generated content that the agent must read and that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit runtime install commands that fetch and execute remote code (e.g., "curl -1sLf 'https://dl.cloudsmith.io/public/mull-project/mull-stable/setup.deb.sh' | sudo -E bash") and downloads from the Mull GitHub releases page (https://github.com/mull-project/mull/releases/latest), which are external URLs used at runtime to install binaries/scripts that will execute on the host.