mise-tool-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill's primary purpose involves using the Bash tool to install and configure development software. This behavior is expected and appropriate for a tool management skill.- [EXTERNAL_DOWNLOADS] (LOW): The skill examples include downloading tools from external registries such as NPM, Cargo, and Go, as well as arbitrary Git repositories. This is standard functionality for Mise.- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected (Category 8). The skill demonstrates reading local files such as .nvmrc or .tool-versions and directly using their output in shell commands (e.g., mise use node@$(cat .nvmrc)). This could be exploited if a malicious file is present in the project directory. \n
- Ingestion points: .nvmrc, .tool-versions, .python-version files. \n
- Boundary markers: None identified. \n
- Capability inventory: Bash, Write, Edit, Read, Grep, Glob. \n
- Sanitization: No validation or escaping is shown for the data ingested from these files.
Audit Metadata