repomix
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'repomix_batch.py' executes the 'repomix' and 'npx' CLI tools via 'subprocess.run'. It uses list-based arguments, which prevents shell injection; user-provided repository paths are passed directly to the commands as arguments.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of repository data using 'npx repomix --remote', which fetches content from remote Git providers like GitHub.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by packaging external codebases for LLM consumption.
  - Ingestion points: The 'repomix' tool reads all files within a target repository.
  - Boundary markers: Output formats use XML tags or Markdown headers to separate file content.
  - Capability inventory: The script can execute subprocesses and read from the local filesystem.
  - Sanitization: The underlying 'repomix' tool incorporates 'Secretlint' to detect and flag sensitive credentials before they are included in the package.
Audit Metadata