pnpm
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of informational markdown files for the pnpm package manager. No malicious instructions, obfuscation, or safety bypasses were found in the files or metadata.
- [EXTERNAL_DOWNLOADS]: Documents standard tool usage for fetching packages from the official npm registry and using trusted GitHub Actions such as `pnpm/action-setup`.
- [COMMAND_EXECUTION]: Lists standard CLI commands for managing dependencies and running project scripts, which are core functions of the tool.
- [REMOTE_CODE_EXECUTION]: Describes the intended use of `pnpm dlx` to execute packages from the npm registry, which is a core feature of the package manager.
- [PROMPT_INJECTION]: The skill documents how to process repository configuration files, which constitutes a standard ingestion surface for untrusted project data.
  - Ingestion points: Reads `package.json`, `.npmrc`, `pnpm-workspace.yaml`, and `.pnpmfile.cjs` from the project directory.
  - Boundary markers: None; standard parsing of configuration files.
  - Capability inventory: Commands like `pnpm install` and `pnpm run` execute scripts defined in the ingested project files.
  - Sanitization: None; standard behavior for package managers.
Audit Metadata