pi-session-logs
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes session logs that contain raw content from previous user and assistant interactions.
- Ingestion points: Interaction data is ingested from `.jsonl` files located in `~/.pi/agent/sessions/` (SKILL.md).
- Boundary markers: No delimiters or warnings are used to prevent the agent from following instructions that might be embedded in the log content.
- Capability inventory: The skill uses Nushell (`nu`) to read files and process JSON data. No network exfiltration or file-write capabilities are identified in the provided scripts.
- Sanitization: The scripts perform structured querying (filtering and selecting fields) but do not sanitize or escape the content of the messages before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill uses Nushell commands to access and read application-specific data on the local filesystem.
- Evidence: Scripts use `open`, `ls`, and `open-jsonl` (a custom helper) to access the `~/.pi/agent/sessions/` directory to retrieve session events, tool calls, and thinking content.
Audit Metadata