oma-dev-workflow
Fail
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes an installation script from
https://mise.runvia a shell pipe (curl ... | sh). This is the official installation method for the mise runtime manager. - [COMMAND_EXECUTION]: The skill modifies the user's shell configuration file (
~/.zshrc) by appending an activation command (eval "$(~/.local/bin/mise activate)"). This ensures the toolchain is automatically initialized in new shell sessions. - [COMMAND_EXECUTION]: The skill creates and modifies executable scripts within the
.git/hooksdirectory (commit-msg,pre-commit,pre-push). These hooks are configured to execute mise tasks during the git workflow. - [COMMAND_EXECUTION]: Automates various development tasks including code generation, database migrations, and CI/CD pipelines using tools like
mise,uv,bun, andflutter. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
- Ingestion points: Parses untrusted data from
git logandgit diffoutputs inresources/validation-pipeline.mdandresources/release-coordination.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present.
- Capability inventory: Includes the ability to execute shell commands via
mise run,bunx,uv run, anddocker composeacross multiple scripts. - Sanitization: No sanitization or validation of the ingested git data is performed before it is used to determine execution logic.
Recommendations
- HIGH: Downloads and executes remote code from: https://mise.run - DO NOT USE without thorough review
Audit Metadata