repomix
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent and user to install external software via 'npm install -g repomix' and 'brew install repomix'. While Repomix is a known tool, these commands download code from public registries (npm, Homebrew) that are not on the explicitly trusted list.
- COMMAND_EXECUTION (LOW): The skill relies on executing shell commands to package repositories. This includes the ability to process remote repositories via 'npx repomix --remote', which involves fetching data from external URLs.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection Surface) The primary purpose of this skill is to ingest large amounts of external code (local or remote) into the LLM context. This creates a surface for indirect prompt injection where malicious instructions hidden in a repository's files could influence the agent's subsequent behavior after it processes the output.
- Ingestion points: Processes entire local directories and remote GitHub repositories via the '--remote' flag.
- Boundary markers: The tool uses XML/Markdown tags in output to separate files, but these are for organization and do not prevent the LLM from potentially following instructions embedded within the content.
- Capability inventory: Shell command execution (repomix CLI), file system read/write (packaging files), and network access (remote repo fetching).
- Sanitization: Includes a secret scanner (Secretlint) to detect API keys, but the skill explicitly documents how to disable this safety feature using the '--no-security-check' flag.
Audit Metadata