pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to run pnpm commands that install and process packages from public registries (e.g., registry=https://registry.npmjs.org/ in references/core-config.md and pnpm install / pnpm dlx in references/core-cli.md) and describes hooks that inspect/modify package metadata (.pnpmfile.cjs in references/features-hooks.md), so the agent would ingest and interpret untrusted, user-published third‑party package content at runtime.