The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically fetch and run the githits package from the official npm registry if it is not already present on the local system.
[COMMAND_EXECUTION]: The skill interacts with the local environment by executing the githits CLI tool to retrieve package metadata, vulnerability information, and dependency graphs.
[PROMPT_INJECTION]: The skill proactively addresses indirect prompt injection by providing the agent with an 'External Content Posture' guide to safely handle data from untrusted registries.
Ingestion points: Data from external package registries (npm, PyPI, etc.) is ingested via githits pkg commands as documented in SKILL.md and references/package.md.
Boundary markers: The 'External Content Posture' section in SKILL.md acts as a clear instructional boundary, advising the agent to treat third-party prose as data and ignore any embedded commands.
Capability inventory: The skill uses shell execution to run the githits CLI.
Sanitization: The instructions direct the agent to prioritize structured fields and explicitly ignore claims or instructions found in non-structured content like READMEs or changelogs.

githits-package