pi-logs
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive session logs located at
~/.pi/agent/sessions/. These logs contain interaction history, including user messages, tool calls, and assistant responses, which may expose secrets, credentials, or private code used in prior sessions.\n- [PROMPT_INJECTION]: The skill processes untrusted historical data from session logs, establishing an indirect prompt injection surface.\n - Ingestion points: Reads
.jsonlfiles from~/.pi/agent/sessions/in SKILL.md.\n - Boundary markers: None identified; historical data is processed without delimiters to separate it from current instructions.\n
- Capability inventory: Provides commands to extract bash execution history and file access patterns using Nushell.\n
- Sanitization: No sanitization or escaping of log content is performed during processing or display.
Audit Metadata