pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's documentation and workflow explicitly involve fetching and ingesting packages and repo sources from public registries and repos (e.g., "registry=https://registry.npmjs.org/" in references/core-config.md and the use of pnpm install / pnpm dlx / pnpm patch in references/core-cli.md and references/features-patches.md) and it also shows hooks (.pnpmfile.cjs in references/features-hooks.md) and patch/edit workflows that read/modify third-party package content, so untrusted user-generated content from the open web can be read and can materially affect resolution and subsequent tool actions.