mise-expert

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] BENIGN: The fragment is a comprehensive specification for a development environment management skill (mise) with migration paths, task patterns, and CI/CD integration guidance. It presents capabilities and usage patterns consistent with the stated purpose. No runtime code or covert data flows are present that would indicate malicious behavior. Potential external calls in examples (e.g., Slack notifications) are configuration-time patterns and depend on user activation; secrets handling is described with reasonable safeguards (e.g., .env files). Overall footprint is coherent and proportionate to the intended purpose. LLM verification: This skill document describes a benign-seeming development environment manager and provides many legitimate configuration examples. However, it includes several risky operational patterns in its examples — notably 'curl https://mise.run | sh', multiple 'rm -rf' usages, and chmod 777 — which are dangerous if executed without inspection. The document itself does not show explicit malicious behavior (no embedded exfiltration or obfuscation), but the presence of pipe-to-shell installer instructions