githits-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/code-and-docs.md explicitly instruct the agent to run githits commands like githits search, githits code read, and githits docs read to fetch READMEs, source code, docs, release notes and other public GitHub/npm content (third-party, user-generated) and to use those results as evidence for decisions, which means untrusted external content can be read and influence subsequent actions (see "External Content Posture" and the Core Commands sections).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs running "npx -y githits@latest" as a runtime fallback, which fetches and executes the githits package from the npm registry (e.g. https://registry.npmjs.org/githits), so remote code would be fetched and executed at runtime.