skills/duc01226/easyplatform/repomix/Gen Agent Trust Hub

repomix

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the repomix CLI tool via subprocess.run in scripts/repomix_batch.py to package repositories. Commands are constructed as lists to prevent shell injection, and the tool is used for core functionality like installation checks and repo processing.
  • [EXTERNAL_DOWNLOADS]: The skill supports fetching and processing remote repositories using npx repomix --remote. This involves connecting to external Git providers such as GitHub to retrieve repository data for packaging.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests entire external codebases.
      • Ingestion points: Repository files are read and aggregated from local or remote paths using the repomix tool.
      • Boundary markers: The output uses structured formats like XML or Markdown with specific separators to delimit file contents for the AI.
      • Capability inventory: The skill has the ability to read project files and execute the local repomix CLI.
      • Sanitization: It includes built-in security scanning (Secretlint) by default to detect and alert on sensitive information such as API keys within the processed code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 06:54 PM