repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Repomix explicitly supports packaging arbitrary remote repositories (see "Remote Repository Support" e.g., npx repomix --remote https://github.com/owner/repo), so the agent will fetch and ingest untrusted, user-generated content from public sites for LLM consumption.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches remote repositories at runtime (e.g., via "npx repomix --remote https://github.com/owner/repo"), which pulls external repository content and packages it for LLM context—effectively injecting fetched external content into the agent's prompt/input and making the external URL a required runtime dependency.