mcp-repomix
Audited by Socket on Feb 16, 2026
1 alert found:
Obfuscated File
No direct evidence of intentionally malicious code in the provided skill description. The principal risk is operational: the skill enables bulk export and remote processing of repository contents and lacks documented safeguards for server trust, credential handling, secret exclusion, retention policies, and access controls. Before using this skill in sensitive environments, require explicit server whitelisting and verification, implement default ignorePatterns for common secret files, document credential handling and retention/processing policies, and restrict generate_skill outputs to reviewed destinations. Treat the configured Repomix server as a high-privilege endpoint and apply the principle of least privilege.