repomix
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill guides the agent to install repomix via npm or brew and uses npx to process remote repositories. While repomix is a recognized utility, it does not originate from the specified trusted organizations.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing shell commands (repomix, npx) to perform its core functions. This is consistent with the skill's purpose.
- [PROMPT_INJECTION] (LOW): The skill is subject to Indirect Prompt Injection (Category 8) because it ingests untrusted data from repositories. A malicious repository could contain instructions designed to subvert the LLM's behavior once the 'packed' file is processed.
- Ingestion points: Local filesystem files and remote Git repositories via the --remote flag.
- Boundary markers: Supports XML, Markdown, and JSON formatting, which provides structural delimiters.
- Capability inventory: Executes the repomix CLI tool, which has read access to the filesystem.
- Sanitization: Includes built-in secret detection using Secretlint to filter sensitive credentials.
Audit Metadata