mise-config
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill generates 'mise.toml' files containing a '[tasks]' section. These tasks allow for the execution of arbitrary shell commands (e.g., 'npm run dev', 'docker build') which are run with the user's privileges.
- [COMMAND_EXECUTION] (MEDIUM): In 'resources/02-env.md', the skill promotes the use of the '{{exec(cmd)}}' template variable. This feature executes shell commands automatically during environment variable resolution (e.g., when the user enters the project directory).
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'resources/01-tools.md' file documents 'postinstall' hooks in the '[tools]' section. These hooks execute arbitrary code immediately after a tool installation finishes, representing a background execution vector.
- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installing tools from several external registries including npm, Cargo, and GitHub (via the 'ubi' installer). This involves downloading and running third-party binaries from remote sources.
- [DATA_EXPOSURE] (LOW): The skill is instructed to read the user's global mise configuration located at '~/dots/config/mise/config.toml' for context. While used for tailoring project configs, this involves accessing local configuration files that may contain details about the user's environment setup.
Audit Metadata