mise-configuration
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and encourages the use of 'mise' Tera templates to execute shell commands via the
execfunction. Documented examples include executinggit rev-parse,doppler secrets, andop read(1Password CLI) to dynamically populate environment variables during environment activation.\n- [COMMAND_EXECUTION]: The skill promotes the use of the_.sourcedirective to execute external bash scripts (e.g.,./scripts/env.sh) as part of the environment configuration process.\n- [DATA_EXFILTRATION]: The skill provides detailed implementation patterns for reading sensitive credential files from the local filesystem. Specifically, it guides users to read GitHub tokens from~/.claude/.secrets/using theread_filetemplate function, which exposes sensitive information into the environment variable space.
Audit Metadata