skills/share-skills/pi/pi-en/Gen Agent Trust Hub

pi-en

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The instructions contain directives labeled as 'Always Active' and 'Inviolable', specifically asserting that these rules 'hold supreme weight' and 'pervade the entire document'. This is a directive hijacking pattern designed to prevent the AI from following conflicting instructions or safety guardrails.
  • [PROMPT_INJECTION]: The skill description includes an extensive list of keyword triggers (e.g., 'fleet', 'growth', 'creative', 'ops') that go beyond its primary functional scope. This metadata poisoning is intended to manipulate the agent's skill selection process.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process external data—such as source code and documentation—while possessing high-impact capabilities like shell command execution (build, test, curl) and file system modification. While it uses boundary markers such as the '🎯 Proof' and '📋 Pact' templates to structure output, there is no explicit sanitization of the untrusted data it processes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 06:13 AM