pnpm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill guides the agent to read and interpret project files like package.json and pnpm-workspace.yaml. These files are external inputs and can serve as a vector for indirect prompt injection. An attacker could place malicious instructions in these files (e.g., in package descriptions or script names) to trick the agent into executing unintended pnpm commands or bypassing safety constraints during the management of the project.
  - Ingestion points: The agent is directed to check pnpm-workspace.yaml and .npmrc in SKILL.md and references/core-config.md.
  - Boundary markers: None identified. There are no instructions for the agent to use delimiters or to disregard natural language instructions found within the configuration files.
  - Capability inventory: The agent can execute a wide range of powerful pnpm commands documented in references/core-cli.md, including install, run, and dlx, which involve package installation and script execution.
  - Sanitization: The documentation does not suggest any validation or sanitization steps for the data read from project files.
Audit Metadata