pnpm-dependency-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains an Indirect Prompt Injection surface where user-provided package names are interpolated directly into shell commands.
- Ingestion points: The
PACKAGEvariable used throughout the bash scripts (e.g., inpnpm why "$PACKAGE"). - Boundary markers: None present. The instructions do not warn the agent to sanitize the input against shell metacharacters.
- Capability inventory: The skill uses
pnpm,grep,find, andjqwhich can be exploited if the input string contains characters like;,`, or$(...). - Sanitization: None present. External input is used directly in a subshell execution context.
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation suggests installing external third-party tools.
- Evidence: Recommends
pnpm install -g pnpm-workspace-graphandbrew install ripgrep. While these are useful tools, they represent unmanaged external dependencies that must be manually verified by the user. - [COMMAND_EXECUTION] (SAFE): The skill's primary purpose involves executing local CLI tools (
pnpm,grep,find) to analyze the repository. These operations are consistent with the stated purpose of dependency analysis.
Audit Metadata