repomix
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends installing 'repomix' via npm or brew. The package source (yamadashy/repomix) is not on the trusted organization or repository list.
- [COMMAND_EXECUTION] (MEDIUM): Executes shell commands to package local files and fetch remote repositories via npx.
- [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection (Category 8) vulnerability surface. Ingestion points: The skill reads entire local directories and remote GitHub repositories (via npx repomix --remote) into the agent's context. Boundary markers: Employs XML/Markdown tags which are insufficient to prevent the agent from obeying instructions embedded in the source code. Capability inventory: The packaged context is specifically intended for agent-based reasoning tasks like security audits and bug investigations. Sanitization: No mechanisms are present to filter or escape natural language instructions found within the processed repository content.
Recommendations
- AI detected serious security threats
Audit Metadata