monorepo-manager
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run package manager commands such as `pnpm install` and build commands like `pnpm turbo build` after modifying configuration files like `package.json` across the workspace.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses content from repository files that could be controlled by an external actor. If a user opens a malicious repository, configuration files like `package.json` could contain strings designed to influence the agent's behavior.
- Ingestion points: Configuration files including `package.json`, `pnpm-workspace.yaml`, `turbo.json`, `nx.json`, and `lerna.json` in the working directory.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded prompts when reading these files.
- Capability inventory: Includes reading and writing filesystem files and executing shell commands (package installations and builds).
- Sanitization: There is no evidence of sanitization or validation of the data extracted from the configuration files before it is processed by the agent.
Audit Metadata