skills/mitsuhiko/agent-stuff/pi-share/Gen Agent Trust Hub

pi-share

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script fetches data from api.github.com and raw.githubusercontent.com to retrieve session data stored as GitHub Gists. This is neutral as it targets well-known services for its primary function.
  • [COMMAND_EXECUTION]: The script uses spawnSync to execute the pi CLI tool for generating human-centric summaries of sessions (fetch-session.mjs, line 257).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. External content from Gists is decoded and inserted directly into a prompt for the pi command in fetch-session.mjs without sanitization or strong boundary markers.
      • Ingestion points: fetchSessionHtml (line 77) and extractSessionData (line 105) in fetch-session.mjs retrieve untrusted data from GitHub Gists.
      • Boundary markers: Absent. The transcript data is simply appended to the instructional prompt text without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The script executes the pi command with the --no-tools and --no-session flags, which significantly mitigates the risk of an attacker executing malicious tool calls even if they successfully hijack the prompt context.
      • Sanitization: No escaping, filtering, or validation is performed on the extracted session data before it is sent to the summarizer.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:06 PM