mise
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill environment setup uses piped shell execution (curl | sh) to install 'mise' and 'rustup' from external domains (mise.run and sh.rustup.rs), which are not on the trusted source list.
- [EXTERNAL_DOWNLOADS] (HIGH): The 'templates/multi-arch.md' file configures the installation of the 'beads' binary from a non-whitelisted GitHub repository ('steveyegge/beads') using the 'latest' tag, which bypasses version integrity and allows for arbitrary binary execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs, https://mise.run - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata