pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's workflow and examples (SKILL.md plus references such as references/core-cli.md and references/best-practices-ci.md) require running pnpm commands like pnpm install, pnpm add, pnpm patch, and pnpm dlx which fetch packages and metadata from public registries (e.g., https://registry.npmjs.org/) — untrusted, user-published content that the agent will read/interpret and which can influence subsequent tool actions (lifecycle scripts, hooks, patches), enabling indirect prompt-injection-like risks.