coding-agent
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a comprehensive wrapper for executing arbitrary shell commands, including support for pseudo-terminal allocation and a parameter for elevated privileges.
- [COMMAND_EXECUTION]: Instructions explicitly advocate for the use of --yolo and --full-auto flags with coding agents, which are specifically designed to bypass all approval mechanisms for autonomous code modifications.
- [REMOTE_CODE_EXECUTION]: Documentation provides examples for cloning external GitHub repositories and running package manager commands like pnpm install within those untrusted directories.
- [EXTERNAL_DOWNLOADS]: Directs users to download and install the @mariozechner/pi-coding-agent package from the NPM registry and fetch remote content via git clone from non-whitelisted sources.
- [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by passing natural language input to autonomous agents with broad system capabilities.
  - Ingestion points: User-provided strings are interpolated directly into shell commands for various coding CLI tools.
  - Boundary markers: None identified in the provided examples or instructions.
  - Capability inventory: Access to full shell execution, filesystem modification, and potential privilege escalation.
  - Sanitization: No validation or escaping is described before passing user input to the underlying terminal applications.
Recommendations
- AI detected serious security threats