
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
pi-mdxml-context
Advanced tools
Pi extension that converts Markdown context to XML-like structure at model send time
Convert Markdown context to XML-like structure at model send time while keeping the original Markdown in session history.
pi-mdxml-context is a Pi extension for agent workflows where Markdown is convenient for humans, but explicit XML-like boundaries can make complex context easier for models to parse.
It converts loaded Markdown context files and recent Markdown tool results before each model request. Saved session history stays in Markdown; conversion happens only in the provider-bound context.
Install the published npm package with Pi:
pi install npm:pi-mdxml-context
Pin a specific version when you want reproducible installs:
pi install npm:pi-mdxml-context@0.1.9
Install into the current project instead of your user Pi settings:
pi install npm:pi-mdxml-context -l
Or install from GitHub:
pi install git:github.com/eiei114/pi-mdxml-context
Try it without permanently installing:
pi -e npm:pi-mdxml-context
After install, reload Pi if needed:
/reload
Check that conversion is active:
/mdxml:status
Preview XML-like output for a Markdown file:
/mdxml:preview path/to/file.md
For commands, output shape, runtime hooks, and safety behavior, see docs/usage.md.
| Command | Description |
|---|---|
/mdxml:on | Enable send-time conversion. |
/mdxml:off | Disable send-time conversion. |
/mdxml:status | Show conversion state and recent stats. |
/mdxml:preview <path> | Preview XML-like output for a Markdown file. |
/mdxml:preview recent:N | Preview XML-like output for a recent Markdown tool result. |
Conversion is enabled by default after the extension loads. Use /mdxml:off to disable it immediately.
| Path | Purpose |
|---|---|
index.ts | Pi TypeScript extension entrypoint |
tests/ | Converter, runtime hook, and preview tests |
docs/ | Usage and release docs (usage.md, release.md) |
README.md | Public entrypoint (this file) |
CHANGELOG.md | Version history |
CODE_OF_CONDUCT.md | Contributor Covenant code of conduct |
CONTRIBUTING.md | Contribution guidelines |
SECURITY.md | Vulnerability reporting |
LICENSE | MIT license |
npm install
npm run check
npm test
Before opening a PR with publishable changes, bump package.json and update CHANGELOG.md in the same PR. CI runs npm run version:check on pull requests.
This package uses npm Trusted Publishing with GitHub Actions OIDC — no NPM_TOKEN is required.
On main, a version bump in package.json triggers Auto Release, which creates the semver tag and GitHub Release, then dispatches Publish to npm (publish.yml).
See docs/release.md for setup details and tag-to-npm verification steps. See CHANGELOG.md for semver history.
Pi packages run with your local permissions. Review extensions before installing third-party packages.
For vulnerability reporting, see SECURITY.md.
MIT
FAQs
Pi extension that converts Markdown context to XML-like structure at model send time
We found that pi-mdxml-context demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.