pi-coding-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows installing and auto-loading third-party pi packages and extensions from npm, git, and raw URLs (see "Installing third-party packages" and the "pi install" examples) which can contain untrusted user-generated skills, prompts, and extensions that the agent will load and execute, therefore allowing indirect prompt injection.