skills/steipete/clawdis/coding-agent/Gen Agent Trust Hub

coding-agent

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions propose constructing bash commands by wrapping user-provided prompts in single quotes, such as: command:"codex exec 'Your prompt'". This pattern is vulnerable to shell command injection if the input prompt contains single quotes or other shell metacharacters that can break out of the literal string. Similar interpolation risks exist for the notification commands that use variables like target and message.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests the installation and use of the npm package @mariozechner/pi-coding-agent, which is a third-party dependency from a source that is not verified or well-known.
  • [PROMPT_INJECTION]: The instructions explicitly direct the agent to bypass the internal security guardrails and permission prompts of the managed sub-agents, specifically by utilizing the --permission-mode bypassPermissions flag for Claude Code. This removes human-in-the-loop safety checkpoints for command execution and file system modifications.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 11:42 PM