mise

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows (e.g., "run mise install" in Workflow 1 and the orchestration of backends) and the docs in references/backends.md and references/advanced-features.md explicitly describe fetching remote version lists and installing from public sources (GitHub Releases/UBI, npm, PyPI/Cargo, Aqua registry) and installing Lua/git plugins (e.g., "mise plugins install ... https://github.com/..."), meaning the agent's recommended runtime actions will ingest and act on untrusted, user/third‑party content (version lists, plugin code, download URLs) that can materially change behavior.