repomix-unmixer
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File
The described functionality matches the stated purpose (unpacking repomix files). The principal security concern is filesystem safety: documentation indicates brittle parsing (regex for XML) and lacks any mention of path sanitization or sandboxing, creating credible risk of path traversal and arbitrary file overwrite when processing untrusted repomix inputs. No network or credential-theft behaviors are described. Before running on untrusted data, obtain and review the actual scripts/unmix_repomix.py to confirm use of robust parsers and programmatic protections (normalize and constrain extracted paths, disallow absolute/parent-traversal entries, and implement safe overwrite semantics). Treat as suspicious until the code is verified.