repomix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (LOW): The skill requires the installation of the repomix CLI tool via npm install -g repomix or brew install repomix. As this tool is not from a source on the pre-approved trusted list, it is considered an unverifiable dependency.
- External Downloads (LOW): The skill facilitates downloading code from arbitrary remote repositories using the --remote flag. While this is the core functionality, it involves network operations to non-whitelisted domains to fetch third-party content.
- Indirect Prompt Injection (LOW): By packaging entire repositories for LLM analysis, the skill creates a surface where an attacker-controlled repository could contain malicious instructions hidden in code or comments.
- Ingestion points: Local and remote repository files are read and aggregated via the repomix command in SKILL.md and repomix_batch.py.
- Boundary markers: The tool implements XML and Markdown separators to delimit files, which provides structural context but does not fully prevent instruction override in adversarial scenarios.
- Capability inventory: The skill executes the repomix binary via shell commands (subprocess context).
- Sanitization: The tool uses Secretlint to detect hardcoded credentials (API keys, secrets), but does not perform sanitization of natural language instructions within the processed data.
Audit Metadata