repomix-gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The script and SKILL.md explicitly fetch and ingest arbitrary public GitHub repositories (e.g., "gh api 获取默认分支 → curl 下载 zip → unzip 解压 → repomix 打包" and the script lines using curl/gh to download https://github.com/$REPO/...zip and then running repomix on the extracted files), so untrusted, user-generated third‑party content is read and processed as part of the workflow and could influence subsequent behavior.