npm-to-pnpm

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official pnpm installation script from the well-known pnpm.io domain.
  • [REMOTE_CODE_EXECUTION]: The migration guides include commands that pipe remote installation scripts (install.sh and install.ps1) from pnpm.io directly into system shells for tool setup.
  • [COMMAND_EXECUTION]: The migration workflow utilizes standard shell commands for removing legacy artifacts (e.g., rm -rf node_modules) and executing package manager operations via pnpm.
  • [PROMPT_INJECTION]: The skill's workflow for processing project configuration files presents a surface for indirect prompt injection.
      1. Ingestion points: Project files such as package.json and lockfiles are accessed and processed during migration steps described in SKILL.md and workflow guides.
      2. Boundary markers: No explicit markers or instructions are provided to the agent to distinguish between migration commands and potentially malicious content within the processed files.
      3. Capability inventory: The skill enables the agent to execute shell commands and lifecycle scripts via the pnpm tool during the migration and verification phases.
      4. Sanitization: No mechanisms for sanitizing or validating the contents of the ingested project files are included in the skill's instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.pnpm.io/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 06:29 PM