pi-agent

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [SAFE]: The skill consists of pedagogical documentation, command references, and architecture overviews for the Pi coding agent. It correctly informs the AI on how to interact with the Pi environment while adhering to security principles, such as recommending the --ignore-scripts flag during installation.
  • [COMMAND_EXECUTION]: The documentation describes the tool's primary function as a shell-integrated harness that executes commands via a built-in bash tool. It explains UI shortcuts (!command) and configuration options (shellCommandPrefix) that allow the agent to interact directly with the host terminal. These are intended core features of the terminal harness being documented.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the Pi agent and its official extensions (e.g., pi-subagents, pi-web-access) from the npm registry and the vendor's official domain (https://pi.dev/install.sh). These resources are verified as belonging to the official distribution channels for the software.
  • [DATA_EXFILTRATION]: Documentation provides guidance on secure credential management, recommending the use of environment variables and the tool's native auth.json system for storing API keys. It explains how keys can be resolved dynamically via shell commands (!op read...) which is a documented feature for integrating with secret managers.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface analysis:
      ◦ Ingestion points: The tool processes data from external URLs, GitHub repositories, YouTube transcripts, and local video/PDF files through the fetch_content and web_search tools (see references/pi-web-access.md), as well as outputs from child agents (see references/pi-subagents.md).
      ◦ Boundary markers: The documented session format (references/session-format.md) utilizes structured JSONL entries to isolate system, user, and assistant turns.
      ◦ Capability inventory: The agent has full file system access (read, write, edit) and shell execution (bash) permissions on the host system.
      ◦ Sanitization: Documentation focuses on functional usage and UI rendering; it does not explicitly detail the internal sanitization logic for data retrieved from external sources before it is processed by the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 03:29 AM
Security Audit — agent-trust-hub — pi-agent