pnpm
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [METADATA_POISONING]: The 'SKILL.md' file lists 'Anthony Fu' as the author, which contradicts the provided author context of 'steveclarke'. This inconsistency in provenance metadata can create misplaced trust in the skill's authority.
- [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to read and analyze local project configuration files, such as 'package.json' and '.npmrc', which can be manipulated by an attacker to include hidden instructions.
  - Ingestion points: Instructions in 'SKILL.md' and 'references/core-config.md' explicitly recommend checking these files to understand project structure.
  - Boundary markers: The instructions do not define delimiters or provide warnings to disregard instructions found within these files.
  - Capability inventory: The skill documents commands that execute shell scripts and code, including 'pnpm run' and 'pnpm exec'.
  - Sanitization: There is no recommendation for sanitizing or validating the content of these files before processing.
- [DYNAMIC_EXECUTION]: The skill documents the use of '.pnpmfile.cjs' hooks, which allow for the execution of arbitrary JavaScript logic during the installation process ('references/features-hooks.md').
- [REMOTE_CODE_EXECUTION]: The documentation includes the 'pnpm dlx' command, which allows for the immediate execution of packages fetched from remote registries without prior installation ('references/core-cli.md').