skills/iii-hq/workers/pi/Gen Agent Trust Hub

pi

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill exposes tools for executing shell commands (bash) and performing file operations (read, edit, write) on the host system.
  • Evidence: Found in SKILL.md, describing the Pi coding-agent loop and its capability to run against any host directory.
  • [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection by processing untrusted data from local files and shell outputs.
  • Ingestion Points: Local file content and shell execution results are processed by the agent loop (SKILL.md).
  • Boundary Markers: The skill supports a tools allowlist to restrict available agent capabilities.
  • Capability Inventory: The agent possesses bash, read, write, and edit capabilities (SKILL.md).
  • Sanitization: Operations are subject to an external permission model (iii-permissions.yaml) requiring human approval for high-risk functions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 03:11 PM
Security Audit — agent-trust-hub — pi