pnpm
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs the agent to run 'corepack prepare pnpm@latest --activate', which downloads and installs the pnpm binary from an external registry at runtime.
- COMMAND_EXECUTION (HIGH): The use of 'pnpm add' and 'pnpm -r' triggers the execution of lifecycle scripts (e.g., preinstall, postinstall) defined in external packages, allowing for arbitrary command execution on the host system.
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes external data from 'package.json' and 'pnpm-workspace.yaml' files without sanitization. An attacker-controlled file could use pnpm's script execution capabilities to hijack the agent. Evidence:
  1. Ingestion: 'package.json', 'pnpm-workspace.yaml'
  2. Boundary markers: None
  3. Capabilities: Binary download, filesystem modification, and script execution
  4. Sanitization: None
Recommendations
- AI detected serious security threats