pi-skills

Structured workflow for investigating public software supply-chain attacks across local repositories, GitHub organizations, and CI/host fleets. Use when asked to assess exposure to compromised packages, malicious releases, package-manager attacks, GitHub Actions/OIDC abuse, or published IOC lists.

Multi-model code review. Runs code-review skill with 2 models in parallel, then synthesizes findings.

Multi-agent workflow (tracer/resolver/bypass) for secure code review, exploitability triage, and PoC validation in codebases. Use when conducting structured security research or penetration test analysis.

Send a desktop notification when pi finishes a task. Works on macOS, Windows, and Linux. On first use, interactively asks the user to choose a notification preference (always, ask every time, or never) via arrow-key selector. Use this skill at the end of every task completion — after committing, after finishing a code change, after answering a question, or any other unit of work.

Search a specific GitHub repository for code using gh search and fetch file contents via gh api without cloning. Use when given a repo URL and query to locate logic in remote repos.

Use the bkci CLI to query Buildkite builds, logs, artifacts, and token scope status with LLM-friendly JSON output.

Analyze Playwright test logs on Buildkite to extract failed-only tests across jobs.

Help address review/issue comments on the open GitHub PR for the current branch using gh CLI; verify gh auth first and prompt the user to authenticate if not logged in.