docs(coding-agent): add security warnings for third-party packages
- README.md: Pi Packages section - packages.md: Install and Manage section - extensions.md: Extension Locations section - skills.md: Locations section
This commit is contained in:
@@ -319,6 +319,8 @@ Place in `~/.pi/agent/themes/`, `.pi/themes/`, or a [pi package](#pi-packages) t
|
||||
|
||||
Bundle and share extensions, skills, prompts, and themes via npm or git. Find packages on [npmjs.com](https://www.npmjs.com/search?q=keywords%3Api-package) or [Discord](https://discord.com/channels/1456806362351669492/1457744485428629628).
|
||||
|
||||
> **Security:** Pi packages run with full system access. Extensions execute arbitrary code, and skills can instruct the model to perform any action including running executables. Review source code before installing third-party packages.
|
||||
|
||||
```bash
|
||||
pi install npm:@foo/pi-tools
|
||||
pi install npm:@foo/pi-tools@1.2.3 # pinned version
|
||||
|
||||
Reference in New Issue
Block a user