repomix
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill aggregates external repository content into a single file for LLM processing, which creates a surface for indirect prompt injection if the source data is untrusted.
  - Ingestion points: The tool reads from local file systems and fetches remote repositories from GitHub.
  - Boundary markers: Implements structured outputs such as XML and Markdown with clear file separators to maintain context integrity.
  - Capability inventory: Includes file system read access, network access for fetching remote code, and optional clipboard interaction.
  - Sanitization: Integrates Secretlint for credential detection but does not provide automated filtering for malicious instructions within source files.
- [EXTERNAL_DOWNLOADS]: Fetches the 'repomix' utility from the NPM registry and retrieves remote codebases from GitHub when using the remote execution feature.
- [COMMAND_EXECUTION]: Details various shell commands for package installation (npm, yarn, bun, brew) and repository processing using the repomix CLI.
Audit Metadata