developer-workflow
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a remote script using 'curl https://mise.run | sh' in SKILL.md, which is a pattern for executing unverified external code.
- [COMMAND_EXECUTION]: The skill modifies the user's shell configuration ('~/.zshrc') to establish persistence for the task runner. It also dynamically creates and makes executable various shell scripts within the '.git/hooks' directory in resources/validation-pipeline.md, which are triggered by git actions.
- [PROMPT_INJECTION]: The skill processes untrusted repository metadata, creating a surface for indirect prompt injection.
  1. Ingestion points: Git commit messages and changed file lists via 'git log' and 'git diff' in resources/validation-pipeline.md.
  2. Boundary markers: Absent; input is parsed directly by shell logic.
  3. Capability inventory: Execution of arbitrary tasks via 'mise run', 'bunx', 'uv run', and 'docker compose'.
  4. Sanitization: Absent; input is passed to external validation tools without escaping.
- [EXTERNAL_DOWNLOADS]: The skill downloads runtimes and packages from external registries, including toolchain components via 'mise install', Node.js utilities via 'bunx', and Python dependencies via 'uv'.
Recommendations
- HIGH: Downloads and executes remote code from: https://mise.run - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata