pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documents pnpm behaviors that fetch and load code/content from public registries, arbitrary Git/tarball URLs and config packages (see "core-package-sources" for git/tarball/npm, "features-config-dependencies" for auto-loaded config packages, and "features-hooks"/".pnpmfile.cjs" which run package-provided JS), i.e. untrusted user-generated third‑party content that pnpm is expected to read/execute as part of its workflow.