pnpm
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructional text directing the agent to analyze project structure and configuration files. These are benign operational guidelines and do not attempt to override safety filters.
- [COMMAND_EXECUTION]: The skill documents standard pnpm CLI commands such as install, run, and exec, which are required for Node.js package management.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the agent is instructed to process untrusted project files. 1. Ingestion points: package.json, pnpm-workspace.yaml, .npmrc, and .pnpmfile.cjs. 2. Boundary markers: Absent. 3. Capability inventory: pnpm install, pnpm run, and pnpm exec. 4. Sanitization: Absent.
Audit Metadata