update-pi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly queries the public npm registry ("npm view @mariozechner/pi-coding-agent version") and uses that untrusted package metadata to decide installs and update package.json, so arbitrary third-party content from npm can influence actions and trigger installs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the script runs npm install -g "@mariozechner/pi-coding-agent" and bun install which fetch required packages from the npm registry (e.g. https://registry.npmjs.org/@mariozechner/pi-coding-agent) — these remote packages are required by the skill and can execute code during install and directly alter agent behavior, so they present a runtime risk.