repomix
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs the user to install and run external software from untrusted repositories via package managers. Evidence: 'npm install -g repomix' and 'npx repomix --remote' in SKILL.md.
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from remote and local repositories that could contain malicious instructions to subvert the agent. Evidence: Ingestion point via the --remote flag and local directory processing; employs XML/Markdown boundary markers; possesses capabilities for file system modification and command execution; sanitization via Secretlint is present but can be explicitly disabled.
- Data Exposure & Exfiltration (MEDIUM): The tool can be configured to access sensitive files and bypass standard security exclusions. Evidence: --no-gitignore and --no-security-check flags in SKILL.md.
- Command Execution (MEDIUM): The skill enables execution of CLI commands with user-defined include and ignore patterns. Evidence: 'repomix --include' and 'repomix --token-count-tree' in SKILL.md.
Recommendations
- AI detected serious security threats
Audit Metadata