coding-agent
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: A sensitive Google Gemini API key is hardcoded directly in the source code.
  - Evidence: `index.js` contains `this.apiKey = "AIzaSyCKWmPmAkZWvI2KiblawWPUESyCp9dEjk0";`.
- [COMMAND_EXECUTION]: The skill documentation explicitly instructs users to use dangerous operational flags and configurations.
  - Evidence: `SKILL.md` recommends the `--yolo` flag for Codex, which is described as having "NO sandbox, NO approvals".
  - Evidence: The skill requires `pty:true` for interactive shell access, which increases the impact of potential command execution attacks.
- [EXTERNAL_DOWNLOADS]: The skill documentation prompts the user to download and install global packages from external sources.
  - Evidence: `SKILL.md` suggests running `npm install -g @mariozechner/pi-coding-agent`.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through the processing of untrusted external content such as Pull Requests.
  - Ingestion points: `SKILL.md` describes cloning and checking out PRs for review.
  - Boundary markers: Absent; no markers are used to isolate untrusted code from agent instructions.
  - Capability inventory: The agent has access to the `bash` tool with `pty`, `background`, and `elevated` permissions.
  - Sanitization: Absent; no validation or sanitization is performed on the untrusted codebase content before it is processed by sub-agents.
Recommendations
- AI detected serious security threats
Audit Metadata