Genotoxic
Skill (Active)
Graph-informed mutation testing triage. Parses codebases with Trailmark, runs mutation testing and necessist, then uses survived mutants, unnecessary test statements, and call graph data to identify false positives, missing test coverage, and fuzzing targets. Use when triaging survived mutants, analyzing mutation testing results, identifying test gaps, finding fuzzing targets from weak tests, running mutation frameworks (including circomvent and cairo-mutants), or using necessist.
It gives developers and security analysts a systematic way to triage and prioritize issues found through mutation testing and test analysis, leading to more robust and secure code.
Features
- Graph-informed mutation testing triage
- Analysis of survived mutants and test statement removals
- Identification of false positives, missing tests, and fuzzing targets
- Support for multiple mutation frameworks and languages
- Integration with code graph analysis for context
Use Cases
- Triaging survived mutants after mutation testing
- Analyzing mutation testing results to find test gaps
- Identifying functions that need fuzz harnesses instead of unit tests
- Prioritizing test improvements using data flow context
- Filtering harmless mutants and finding unnecessary test statements
Non-Goals
- Replacing the need to write initial tests
- Performing pure documentation or configuration changes
- Analyzing single-file scripts with trivial logic
- Falling back to manual analysis when tooling is not installed
Workflow
- Build code graph with trailmark
- Run mutation testing framework
- Run necessist (optional, parallel)
- Triage findings using graph data
- Generate categorized report
Practices
- Mutation testing
- Test analysis
- Code quality
- Security analysis
Prerequisites
- trailmark installed
- A mutation testing framework for the target language
- necessist (optional, recommended)
- An existing test suite that passes
- macOS environment: Run 'ulimit -n 1024' before any 'mull-runner' invocation
Trust
- Warning (issues need attention): In the last 90 days, 13 issues were opened and 4 were closed, indicating a slow response rate to open issues.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills
/plugin install trailmark@trailofbits
Similar Extensions
Cleanup Cycles
(100) Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle module graph. Example queries: "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
Lean Ctx
(100) Context Runtime for AI Agents: 59 MCP tools, 10 read modes, 95+ shell patterns, tree-sitter AST for 18 languages. Compresses LLM context by up to 99%. Use when reading files, running shell commands, searching code, or exploring directories. Auto-installs if not present.
Semgrep Rule Creator
(100) Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
(100) Prevent destructive operations using Claude Code hooks. Three modes: cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
(100) Execute coding tasks with a strict delivery workflow: build a full plan, implement one step at a time, run tests continuously, and commit by default after each step (`per_step`). Support explicit commit policy overrides (`final_only`, `milestone`) and optional BDD (Given/When/Then) when users ask for behavior-driven delivery or requirements are unclear.
Definition Of Done
(100) Mandatory checks to run before completing any task that touches md files or dart code in this repository.