repomix-gh

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script src/repomix-gh.sh contains instances where variables such as $REPO and $EXTRACT_DIR are used in shell commands (e.g., gh api, find, du) without sufficient quoting or sanitization. Specifically, the use of eval with the find command poses a risk of command injection if a maliciously crafted repository name or file path is processed.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch repository ZIP files from github.com and installation resources for the GitHub CLI from cli.github.com. These target well-known, trusted domains and are consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      ◦ Ingestion points: Untrusted data is ingested via curl downloads of external GitHub repositories in src/repomix-gh.sh.
      ◦ Boundary markers: The output file is generated without explicit boundary markers or warnings to the downstream LLM to ignore embedded instructions within the processed code.
      ◦ Capability inventory: The skill has capabilities to execute bash, curl, gh, and repomix on the host system.
      ◦ Sanitization: There is no evidence of content sanitization or filtering of the repository data before it is bundled into the final markdown document.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 02:23 PM