mise
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to fetch the installation script from 'https://mise.run', which is the official distribution point for the mise utility.
- [COMMAND_EXECUTION]: Instructions cover shell activation and the configuration of environment hooks within shell profile files like '.zshrc' and '.bashrc'.
- [REMOTE_CODE_EXECUTION]: Documentation describes the use of 'mise run' and 'mise exec' to execute shell commands and project tasks defined in configuration files.
- [PROMPT_INJECTION]: The skill involves an indirect prompt injection surface by guiding the agent to process and act upon configuration files found in user repositories. * Ingestion points: Interprets project-specific files such as 'mise.toml', '.nvmrc', and '.tool-versions'. * Boundary markers: Absent; there are no instructions for the agent to distinguish between valid configuration and potentially malicious natural language instructions embedded in those files. * Capability inventory: Includes executing shell tasks, installing remote binaries through various backends, and modifying environment variables and PATH. * Sanitization: Absent; the skill does not suggest validation or sanitization of the content within the processed configuration files.
Audit Metadata