pi-share

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches arbitrary public GitHub Gists (see fetchSessionHtml calling https://api.github.com/gists/${gistId}) to extract base64-encoded session.html user-generated transcripts, then parses and feeds those transcripts into downstream processing and a summarization tool (generateHumanSummary/pi), so untrusted third-party content is read and can materially influence prompts and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches session exports at runtime from GitHub Gists (via https://api.github.com/gists/ and potentially the gist raw URL) and directly injects the fetched session content into the prompt passed to the 'pi' CLI (claude-haiku-4-5), so remote content can control agent instructions.