pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows and examples (SKILL.md and the references) explicitly instruct using pnpm to install/run packages and dlx arbitrary packages from public registries (e.g., https://registry.npmjs.org/) and to process package metadata via .pnpmfile.cjs hooks and patches, which means it fetches and executes user-published, untrusted third‑party content that can materially change agent behavior.