release
Audited by Socket on Feb 27, 2026
1 alert found:
Malware
The skill fragment is purpose-aligned for release orchestration, delegating to repo-defined mise tasks and falling back to semantic-release guidance. However, it contains a high-risk download-execute pattern (curl https://mise.run | sh) for error recovery, which constitutes a supply-chain risk if not protected (no integrity verification, no pinning). Credential-related guidance (GH_TOKEN/GH_ACCOUNT in .mise.toml [env]) introduces potential credential exposure to downstream tooling. Overall, the asset shows moderate-to-high risk due to the remote installer pattern and external tooling dependency; treat as SECURITY RISK: MEDIUM-HIGH with recommended mitigations (pin versions, verify checksums, use signed installers, minimize credential exposure, and prefer in-repo or vendor-verified bootstrap methods).