pnpm
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents standard pnpm CLI operations, including executing scripts with
pnpm runand binaries viapnpm execorpnpm dlx. - [EXTERNAL_DOWNLOADS]: References trusted resources for CI/CD, such as official GitHub Actions from the
pnpmandactionsorganizations. - [COMMAND_EXECUTION]: Provides documentation for
.pnpmfile.cjshooks, which are used to programmatically modify package configurations during the installation lifecycle. - [PROMPT_INJECTION]: The skill identifying that it may process configuration files like
package.jsonwhich can contain untrusted code, and it provides remediation advice using the--ignore-scriptsflag.
Audit Metadata