vector-forge
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches mutation testing binaries and configuration scripts from established repositories on GitHub and Cloudsmith. These downloads are necessary for the setup of frameworks like Mull and cargo-mutants.
- [REMOTE_CODE_EXECUTION]: The instruction set includes automated installation routines that execute remote shell scripts (e.g., via curl | bash) to configure software repositories for the Mull testing tool. These scripts originate from the official Cloudsmith infrastructure for the project.
- [COMMAND_EXECUTION]: The workflow involves extensive use of system commands and package managers including uv, pip, npm, cargo, and go. These are used to prepare test harnesses, compile implementations, and run the mutation testing engines.
- [PROMPT_INJECTION]: As the skill is designed to analyze and process arbitrary implementation code and test vectors, it possesses an attack surface for indirect prompt injection. This is an inherent risk of the code-analysis use case where untrusted source code is ingested into the agent context for triage and reporting.