getcompanion-ai/co-mono
1
0
Fork 0
mirror of https://github.com/getcompanion-ai/co-mono.git synced 2026-04-15 10:05:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs(coding-agent): add security warnings for third-party packages

Browse source 
- README.md: Pi Packages section
- packages.md: Install and Manage section
- extensions.md: Extension Locations section
- skills.md: Locations section
This commit is contained in:
Mario Zechner 2026-01-26 12:38:04 +01:00
parent a8d04a1dbf
commit 7a0b435923
4 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/coding-agent/README.md
View file

@ -319,6 +319,8 @@ Place in `~/.pi/agent/themes/`, `.pi/themes/`, or a [pi package](#pi-packages) t
Bundle and share extensions, skills, prompts, and themes via npm or git. Find packages on [npmjs.com](https://www.npmjs.com/search?q=keywords%3Api-package) or [Discord](https://discord.com/channels/1456806362351669492/1457744485428629628).
> **Security:** Pi packages run with full system access. Extensions execute arbitrary code, and skills can instruct the model to perform any action including running executables. Review source code before installing third-party packages.
```bash
pi install npm:@foo/pi-tools
pi install npm:@foo/pi-tools@1.2.3 # pinned version