pi-cli-runtime

Warn

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands by interpolating user-provided text into a command line template: node "${CLAUDE_PLUGIN_ROOT}/scripts/pi-companion.mjs" task "<raw arguments>".
  • [COMMAND_EXECUTION]: The instructions explicitly direct the agent to "Preserve the user's task text as-is" when forwarding it to the CLI tool. This pattern is vulnerable to shell command injection if the user input contains malicious metacharacters and the execution environment does not handle them safely.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted user data and passing it to a high-capability environment. Ingestion point: User task text. Boundary markers: Absent. Capability inventory: Subprocess calls and file-writing via the --write flag enabled by default in SKILL.md. Sanitization: Explicitly absent as instructions require data to be passed "as-is".
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 26, 2026, 05:27 AM
Security Audit — agent-trust-hub — pi-cli-runtime