repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes arbitrary remote repositories (e.g., "npx repomix --remote https://github.com/owner/repo" and repomix_batch.py accepting owner/repo or URLs), which ingests untrusted, user-generated content from public GitHub repos and packages it for LLM analysis—exposing the agent to potential indirect prompt injection.