gh-deps-intel
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches package metadata and release information from trusted and well-known services including GitHub (github.com), NPM (npmjs.com), and PyPI (pypi.org). These requests are directed to official registries and are necessary for the skill's operation.
- [COMMAND_EXECUTION]: Executes standard package manager CLI tools (npm, yarn, pnpm, bun, uv, pip) and the GitHub CLI (gh) to gather repository and dependency status. Commands are executed using safe subprocess patterns with argument lists to prevent shell injection. Additionally, the skill invokes a vendor-provided tool at /home/bjorn/.codex/skill-support/bin/deps-workbench for repository inventory.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill ingests untrusted text from external sources, specifically GitHub release notes and changelogs, and includes this content in reports processed by the agent. An attacker could embed instructions in a package's release notes to influence agent behavior when the report is analyzed.
  - Ingestion points: The scripts/gh_release_fetch.py script retrieves release descriptions and file contents via the GitHub API.
  - Boundary markers: No explicit delimiters are used to wrap external text to distinguish it from instructions, though the final output is structured as Markdown.
  - Capability inventory: The agent, when using this skill, can execute package manager commands and write reports to the local filesystem.
  - Sanitization: The skill uses markdown_escape for report formatting but does not sanitize the retrieved text for potential prompt injection patterns.
Audit Metadata