release
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill contains instructions to download the 'mise' utility installer from its official website (https://mise.run).
- [REMOTE_CODE_EXECUTION]: The installer script from https://mise.run is executed by piping it directly to the shell (sh).
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute 'mise' commands, which runs release tasks defined within the project's own file system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes commands defined in task files (.mise/tasks/) found within the current repository. An untrusted repository could contain malicious commands in these files that the agent would execute.
- Ingestion points: Task configuration files located in the repository's .mise/tasks/ directory.
- Boundary markers: None; the agent is instructed to trust and run the repository's tasks without delimiters or warnings.
- Capability inventory: The agent can run arbitrary shell commands via 'mise run' and has access to the skill's allowed tools.
- Sanitization: There is no validation or sanitization of the commands contained within the repository's task files before they are executed.
Recommendations
- HIGH: Downloads and executes remote code from: https://mise.run - DO NOT USE without thorough review
Audit Metadata