pi-coding-agent
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation describes the use of a 'bash' tool which allows the agent to execute shell commands as a primary function.
- [EXTERNAL_DOWNLOADS]: The skill details how to use 'pi install' to fetch packages from well-known registries like NPM and GitHub.
- [REMOTE_CODE_EXECUTION]: Explains the mechanism for running arbitrary TypeScript extensions, noting that these run with system permissions and providing a security warning.
- [CREDENTIALS_UNSAFE]: Mentions standard procedures for configuring API keys and credential storage files.
Audit Metadata