repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports remote repositories (e.g., SKILL.md "Remote Repository Support" shows npx repomix --remote https://github.com/owner/repo) and usage patterns (references/usage-patterns.md "Third-Party Library") that fetch and ingest public, user-generated repo content which the agent is expected to read and use for packaging and AI analysis, so untrusted third‑party content can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly supports fetching remote repositories at runtime (e.g., "npx repomix --remote https://github.com/owner/repo"), which pulls external GitHub content and packages/injects that content into LLM context (thereby directly controlling prompts), so the URL https://github.com/owner/repo is a high-confidence runtime risk.