pi-cli-workspace
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses grounding instructions to restrict the agent's knowledge base to the pi-mono/ directory. This is an intended behavioral constraint for a workspace-specific documentation agent and does not bypass safety filters.
- [DATA_EXFILTRATION]: The instructions identify the location of configuration and authentication files (e.g., auth.json, settings.json) within the tool's architecture. This is provided for informational purposes to help users understand the system and does not instruct the agent to exfiltrate these files.
- [EXTERNAL_DOWNLOADS]: The skill references the badlogic/pi-mono GitHub repository as its primary source of information. This reference to a well-known hosting service is used for grounding and does not involve automated remote code execution.
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface by requiring the agent to process documentation and source files from an external repository.
  - Ingestion points: Markdown and source files located in the pi-mono/ repository paths.
  - Boundary markers: None; the skill does not specify delimiters to separate untrusted content from system instructions.
  - Capability inventory: The toolset described includes read, bash, edit, and write capabilities.
  - Sanitization: There are no instructions provided to sanitize or validate the content ingested from the repository.
Audit Metadata