release
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes an installation command `curl https://mise.run | sh` in the Error Recovery section. This pattern downloads a script from a remote server and pipes it directly into the shell for execution without prior verification.
- [EXTERNAL_DOWNLOADS]: Remote scripts are retrieved from the external domain `https://mise.run` for system-level installation.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run local task runners (e.g., `mise run release:full`). These tasks are defined within the repository's filesystem and can execute arbitrary shell logic.
- [CREDENTIALS_UNSAFE]: The skill's documentation explicitly mentions the use of `GH_TOKEN` and `GH_ACCOUNT` stored in `.mise.toml` files for authentication purposes during the release process.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the repository it operates on.
  - Ingestion points: The agent reads repository-specific task lists via `mise tasks ls` and processes contents of files within `.mise/tasks/`.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded in the repository's task definitions or versioning metadata.
  - Capability inventory: The skill has access to `Bash`, `Read`, `Edit`, and `TodoWrite` tools, allowing it to execute commands and modify files.
  - Sanitization: There is no evidence of sanitization or validation of the task names or scripts before they are executed via the Bash tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://mise.run - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata