githits-package

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "External Content Posture" plus the pkg commands (e.g., pkg info, pkg changelog, pkg vulns, pkg upgrade-review) explicitly fetch and ingest public registry/repository content such as registry descriptions, advisories, release notes, READMEs, and source text from third‑party sites (registries/GitHub), so untrusted user-generated prose can be read by the agent and materially influence upgrade/vulnerability decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly falls back at runtime to fetching and executing remote code with "npx -y githits@latest" (which downloads the package from the npm registry, e.g. https://registry.npmjs.org), so it relies on executing externally fetched code during runtime.