pnpm

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive documentation for the pnpm CLI, including commands for package management (pnpm add, pnpm install), script execution (pnpm run), and binary execution (pnpm exec).
  • [EXTERNAL_DOWNLOADS]: Describes the standard process of downloading packages from registries (e.g., npmjs.org) and references official GitHub Actions (pnpm/action-setup, actions/setup-node) for CI/CD workflows.
  • [REMOTE_CODE_EXECUTION]: Documents the pnpm dlx command, which allows running packages without local installation, and the .pnpmfile.cjs hook system for programmatically modifying dependency resolution. Both are standard, documented features of the tool.
  • [CREDENTIALS_UNSAFE]: Mentions the storage of authentication tokens in .npmrc files, correctly recommending the use of environment variable placeholders (e.g., ${NPM_TOKEN}) to avoid hardcoding secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 03:58 PM