pgpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and installing npm-published pgpm modules from the public npm registry (e.g., "pgpm install @pgpm/base32" and "pgpm install downloads the module from npm" in references/extensions.md and SKILL.md), and those installed modules (extensions/ deploy/revert/verify SQL) are read and deployed by pgpm, so untrusted third-party content can materially influence execution.