
pi-upgrade

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/check-pi-version executes multiple system commands including the GitHub CLI (gh), Node.js, and various package managers (npm, pnpm, yarn, bun). These tools are used to detect current framework versions, modify local package.json files, and perform software installations in the user's workspace.
  • [EXTERNAL_DOWNLOADS]: The skill fetches release metadata, version tags, and changelog content from the earendil-works/pi repository on GitHub using the gh tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from GitHub release notes which the agent is then instructed to analyze and use for generating migration reports and recommendations. If the remote repository's release content were compromised, it could attempt to influence the agent's behavior or recommendations during the upgrade process.
      ◦ Ingestion points: Release bodies and metadata fetched via `gh release view` in the scripts/check-pi-version helper script.
      ◦ Boundary markers: Absent in SKILL.md instructions; the agent is directed to read and analyze the newly installed documentation and release notes without explicit delimiters or instructions to ignore embedded commands.
      ◦ Capability inventory: The script performs file system writes to package.json and executes package manager installation commands (npm, pnpm, etc.), which could be targeted by a malicious release payload.
      ◦ Sanitization: No explicit sanitization or filtering is performed on the fetched release content before it is passed to the agent for analysis.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 10, 2026, 12:35 PM