session-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
Tags: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive conversation logs located at `~/.pi/agent/sessions/`. While the primary output is described as local, the "Analyze" feature spawns "subagents," which typically involves sending these private transcripts to external LLM providers for processing.
- [COMMAND_EXECUTION]: The skill executes local JavaScript files (`analyze.js` and `model-performance.js`) using the Node.js runtime. This gives the scripts full access to the user's filesystem and environment context.
- [EXTERNAL_DOWNLOADS]: The setup instructions require running `npm install` within a directory containing code from an unverified external source (github.com/ferologics/pi-skills). This may download numerous third-party dependencies that have not been vetted for security.
- [PROMPT_INJECTION]: The skill processes session transcripts, which are considered untrusted data. This introduces a surface for Indirect Prompt Injection (Category 8):
  - Ingestion points: Reads transcripts from `~/.pi/agent/sessions/` via `analyze.js`.
  - Boundary markers: None identified in the provided documentation to prevent subagents from obeying instructions found within the transcripts.
  - Capability inventory: The skill can read local files and execute commands via Node.js scripts.
  - Sanitization: No sanitization or filtering of the transcript content is mentioned before it is processed by the AI subagents.
Audit Metadata