
repomix

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • External Downloads (MEDIUM): The skill requires installing the 'repomix' package globally via npm. Because the author ('yamadashy') and repository are not on the established trusted list, this is classified as an unverifiable external dependency.
  • Prompt Injection (LOW): The skill acts as a significant surface for Indirect Prompt Injection (Category 8). It is designed to ingest entire untrusted codebases (local or remote) and translate them into LLM context. Ingestion points: Path and URL inputs in repomix_batch.py and npx repomix --remote. Boundary markers: Uses XML/Markdown/JSON tags which delimit files but do not prevent an LLM from following instructions embedded in comments. Capability: Large-scale data aggregation for AI context. Sanitization: Includes Secretlint for secrets but no sanitization for malicious natural language instructions.
  • Data Exposure (LOW): The included documentation for repomix_batch.py states that it automatically loads environment variables from multiple locations, including ./.claude/.env and ./skills/.env. This behavior risks the accidental inclusion of sensitive credentials in the packaged AI-friendly output.
  • Command Execution (LOW): The skill relies on shell command execution for its core functionality and suggests manual permission changes (chmod +x) in its troubleshooting documentation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:05 PM