NYC

mise-environment-management

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill documents the use of exec templates within mise.toml files (e.g., {{ exec(command='git branch --show-current') }}). This feature allows for arbitrary shell command execution during the configuration loading process. If an agent is induced to process a malicious configuration file from an untrusted repository, it could lead to unauthorized command execution through the Bash tool.
  • PROMPT_INJECTION (LOW): The skill identifies a surface for indirect prompt injection via external data ingestion.
      • Ingestion points: The agent is instructed to read and manage environment variables from mise.toml, .env, and .env.local files.
      • Boundary markers: Absent; there are no instructions to the agent to treat configuration data as untrusted or to ignore instructions embedded within these files.
      • Capability inventory: The agent has access to high-impact tools including Bash, Write, and Edit.
      • Sanitization: Absent; the skill provides no guidance on validating or sanitizing the content of configuration files before they are processed or executed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:15 PM