pi-package-creator
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides complex shell instruction blocks in references/validation.md intended for direct execution by the agent.
  - Evidence: Instructions use npm test, npm run build, and the pi CLI tool to perform installations and validation loops.
  - Evidence: The validation workflow involves file system manipulation, including mktemp -d for environment setup and rm -rf for cleanup.
- [COMMAND_EXECUTION]: Dynamic script execution via heredocs (here documents).
  - Evidence: In references/validation.md, inline Python code is piped to python3 - to extract package names and validate manifests from package.json files.
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface.
  - Ingestion points: The skill is designed to read and process external package.json files and other project resources (references/validation.md).
  - Boundary markers: Absent. There are no specified delimiters or instructions for the agent to ignore embedded commands within the data being processed.
  - Capability inventory: The skill utilizes high-privilege capabilities including shell command execution, file system writes, and package manager operations (references/validation.md).
  - Sanitization: Absent. The logic does not specify sanitization or escaping for data interpolated from the package manifests into the shell commands or agent context.
Audit Metadata