repomix
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Flagged because the skill explicitly fetches and processes arbitrary public repositories (see "Remote Repositories" examples like "npx repomix --remote https://github.com/user/repo" and the MCP tool "pack_remote_repository"), meaning untrusted, user-generated third-party content is ingested and used as part of the agent's workflow and could influence subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running remote-executing commands at runtime (e.g., "npx repomix@latest" which fetches/executes the package and "docker run ... ghcr.io/yamadashy/repomix", and it also supports processing remote repos like https://github.com/yamadashy/repomix), so these external URLs/packages are fetched and executed at runtime.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).