pnpm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill package consists entirely of reference documentation and contains no executable scripts or active components.
- [COMMAND_EXECUTION] (SAFE): The skill provides documentation for standard pnpm CLI commands used in project management. All commands are presented within the context of legitimate development workflows.
- [EXTERNAL_DOWNLOADS] (SAFE): Detailed instructions are provided for managing external dependencies via the npm registry. The skill encourages secure practices such as using '--frozen-lockfile' in CI/CD and auditing vulnerabilities.
- [DYNAMIC_EXECUTION] (SAFE): Advanced configuration features like '.pnpmfile.cjs' hooks are explained for resolving dependency issues. The documentation uses benign educational examples that follow industry standard patterns.
Audit Metadata