pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflow examples (e.g., references/core-cli.md, references/features-patches.md, and references/features-hooks.md) explicitly show commands that fetch and run packages from public registries and repos (pnpm install/add against https://registry.npmjs.org/, pnpm dlx , github:user/repo#commit, and .pnpmfile.cjs hooks/patching), so the agent would ingest untrusted, user-generated third‑party content that can influence execution.