pgpm-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly downloads npm-published pgpm modules via "pgpm install" into the workspace's extensions/ directory and then reads and executes their control/deploy/verify scripts during "pgpm deploy", which exposes the agent to untrusted third‑party content from the public npm registry that can materially influence execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs pgpm install at runtime which fetches npm packages (e.g., @pgpm/base32) from the npm registry (https://registry.npmjs.org/) and those packages include deploy/revert/verify scripts that pgpm will execute during deploy, so remotely fetched code can run.