pi
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill exposes tools for executing shell commands (bash) and performing file operations (read, edit, write) on the host system.
- Evidence: Found in SKILL.md, describing the Pi coding-agent loop and its capability to run against any host directory.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection by processing untrusted data from local files and shell outputs.
- Ingestion Points: Local file content and shell execution results are processed by the agent loop (SKILL.md).
- Boundary Markers: The skill supports a tools allowlist to restrict available agent capabilities.
- Capability Inventory: The agent possesses bash, read, write, and edit capabilities (SKILL.md).
- Sanitization: Operations are subject to an external permission model (iii-permissions.yaml) requiring human approval for high-risk functions.
Audit Metadata