Skills
skills/duc01226/easyplatform/repomix/Gen Agent Trust Hub

repomix

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The repomix_batch.py script executes the repomix CLI and npx via subprocess.run. It uses a list-based argument structure to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the repomix package for remote repositories. Repomix is a recognized community tool for preparing codebase context.
  • [PROMPT_INJECTION]: The skill's primary function is to ingest repository content for LLM context, which constitutes an indirect prompt injection surface.
  • Ingestion points: Reads files from repositories via the repomix CLI.
  • Boundary markers: Uses XML or Markdown markers for file separation; however, these are not robust against adversarial content.
  • Capability inventory: Subprocess execution and local file system writes.
  • Sanitization: Relies on repomix's internal Secretlint for credential detection but does not filter content for injection patterns.
  • [CREDENTIALS_UNSAFE]: The EnvLoader class in repomix_batch.py searches for and loads environment variables from several parent directory locations, including .env files that may contain sensitive agent configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 03:02 PM