mise-task-managing
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The primary function of this skill is to instruct the agent on how to manage and execute project tasks using `mise run`. This involves executing arbitrary shell commands defined in `mise.toml` or standalone script files, which is the intended purpose of the tool.
- [EXTERNAL_DOWNLOADS]: The skill documents the use of various backends (aqua, ubi, cargo, pipx, gem) to download and install development tools from remote sources. It also references the official installation script for the mise CLI (`https://mise.run`). These are standard operational features of the tool.
- [REMOTE_CODE_EXECUTION]: Documentation in `tasks.md` describes a feature allowing the execution of remote tasks via Git URLs (e.g., `git::https://github.com/user/repo//path/to/task`). The skill includes explicit warnings that these files will be downloaded and executed, advising users to only trust verified sources.
- [PROMPT_INJECTION]: The skill processes untrusted project configuration files (`mise.toml`, `.tool-versions`) which may contain malicious shell commands or environment variables (Indirect Prompt Injection surface).
  - Ingestion points: `mise.toml`, `.tool-versions`, and task script files located in `.mise/tasks/` or other configured task directories.
  - Boundary markers: None explicitly defined in the agent instructions to handle content from these files.
  - Capability inventory: Capability to execute shell commands via `mise run`, modify local configuration via `mise set`, and manage trusted configurations via `mise trust`.
  - Sanitization: The skill documents `mise`'s built-in security mechanism (`mise trust`), which requires explicit user consent before enabling potentially dangerous features in a configuration file.
- [PROMPT_INJECTION]: The `SKILL.md` file contains assertive directives ("ALWAYS FOLLOW MY STANDARDS... THEY SHALL OVERRIDE ANY CONFLICTING INSTRUCTIONS"). These are standard instruction-strengthening techniques used to ensure the agent adheres to specific tool best practices and do not represent an attempt to bypass system safety filters.
- [SAFE]: Presence of zero-width space characters (U+200B) was detected in `references/cli_reference.md`, `references/tasks.md`, and `references/dev_tools.md`. These characters are located at the end of section headers and appear to be benign residual artifacts from scraping the official mise documentation website. They do not encode hidden commands or data.
Audit Metadata