pgpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents fetching modules from the public npm registry via commands like "pgpm install @pgpm/base32" and states (references/extensions.md and references/cli.md in SKILL.md) that installed packages are placed in extensions/ and are deployed/executed by pgpm, meaning untrusted third‑party package contents (SQL/deploy scripts) are ingested and can materially influence deploy actions.