pi-interactive-shell
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and examples for executing shell commands and terminal-based sub-agents (such as Claude, Gemini, and Aider) using the
interactive_shelltool. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and act upon the output of external sub-agents, which are untrusted data sources.
- Ingestion points: Terminal output and handoff previews from delegated agents enter the agent's context through
interactive_shellstatus queries and snapshot files. - Boundary markers: No specific delimiters or 'ignore' instructions are provided to separate sub-agent output from the main instruction stream.
- Capability inventory: The skill utilizes the
interactive_shelltool, which has the capability to execute commands, send input/key-sequences to processes, and manage background execution. - Sanitization: The workflow does not include sanitization or validation of the output received from sub-agents before it is processed by the primary agent.
Audit Metadata