repomix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation promotes using
npxand a--remoteflag to download and process content from external repositories. While therepomixtool itself is a known utility, the code it retrieves for packaging is inherently untrusted.\n- COMMAND_EXECUTION (LOW): The skill instructions and documentation involve executing CLI commands (repomix,npm,python) to process local and remote file systems and manage development dependencies.\n- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8) as it aggregates untrusted code for LLM consumption.\n - Ingestion points: Remote repository URLs and local source code files processed by the tool.\n
- Boundary markers: The tool uses structured formats like XML, JSON, and Markdown tags to delimit files, which provides a basic but surmountable boundary.\n
- Capability inventory: The skill executes CLI tools via subprocesses and reads arbitrary file content for packaging.\n
- Sanitization: While the tool integrates Secretlint for secret detection, it does not provide specific sanitization to prevent malicious instructions embedded in the packaged source code from influencing the agent.
Audit Metadata