mise-tool-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows installing and sourcing tools from public third‑party locations (e.g., "my-tool = 'git:https://github.com/org/tool.git'", "npm:typescript", "cargo:...") and includes commands that query remote registries ("mise ls-remote", "mise latest"), which means the agent can fetch and process untrusted, user‑generated content from the open web.