repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly fetches and packages arbitrary remote repositories (e.g., "npx repomix --remote https://github.com/owner/repo" in SKILL.md and the repomix_batch.py script that accepts remote repo paths/URLs and owner/repo identifiers), meaning it ingests untrusted, user-generated content from public sites (GitHub) and prepares it for LLM consumption.