
pi-cli

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The tool provides extensive command execution capabilities. It runs project-specific test commands defined in .pi-config.json (lib/test/runner.js), executes git for impact analysis (lib/deps/graph.js), and calls external LLM binaries like claude, gemini, and codeagent-wrapper (lib/llm/batch.js).
  • [REMOTE_CODE_EXECUTION]: The dashboard server (ui/server.js) exposes a task-starting API (/api/tasks/start) that accepts a task type and an array of arguments. These arguments are passed to child_process.spawn via the TaskManager. Combined with the permissive Access-Control-Allow-Origin: * header, this creates a potential remote code execution surface for any web page the user visits while the dashboard is running.
  • [PROMPT_INJECTION]: An indirect prompt injection vulnerability surface is present. The tool reads project source code, documentation, and test logs, which are then interpolated into prompts sent to the LLM (lib/module/analyzer.js and lib/test/fix.js). A malicious file in an analyzed repository could contain embedded instructions to trick the AI into generating incorrect docs or malicious code fixes. Although a SAFETY_PROMPT_PREFIX is used to mitigate this, the risk remains.
  • [EXTERNAL_DOWNLOADS]: The tool interacts with an external Kanban API (defaulting to http://127.0.0.1:3007/api/v1) to create tasks based on audit issues. It also relies on external tools like codeagent-wrapper for its core LLM functionality.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 08:49 AM