repomix-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs running repomix against remote public repositories (e.g., "npx repomix@latest --remote " and examples like "facebook/react" and "https://github.com/microsoft/vscode") and then reading/analyzing the generated output, so the agent ingests and acts on arbitrary untrusted third‑party repo content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime requires running "npx repomix@latest", which fetches and executes remote code from the npm registry (e.g., https://registry.npmjs.org/repomix) as a required dependency, so it executes remote code at runtime.