yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.