mise-configuration
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes examples of shell commands for verifying environment configurations and GitHub account alignment. These are standard developer operations intended for project setup and validation.
- [REMOTE_CODE_EXECUTION]: The documentation references the
execfunction withinmisetemplates (Tera). This is a built-in feature of the tool being configured, used for generating dynamic values like git hashes or timestamps, and does not constitute a vulnerability in the skill itself. - [DATA_EXFILTRATION]: While the skill discusses handling sensitive tokens (e.g.,
GH_TOKEN,API_KEY), it explicitly promotes secure practices such as redaction, using external secret managers like 1Password and Doppler, and storing secrets in gitignored.envfiles. - [PROMPT_INJECTION]: The skill provides patterns for reading project configuration files. While these represent a surface for indirect prompt injection if the files are attacker-controlled, the skill includes guidance on managing these configurations safely and does not contain instructions that bypass agent safety guidelines.
Audit Metadata