repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly supports "Remote Repository Support" with examples like "npx repomix --remote https://github.com/owner/repo" and use cases such as packaging third‑party libraries, which means the skill fetches and ingests public GitHub (user‑generated) repositories as part of its workflow—allowing that external content to influence packaging/analysis and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). Repomix explicitly supports fetching remote repositories at runtime (e.g., "npx repomix --remote https://github.com/owner/repo"), and those fetched repository files are packaged and injected into LLM context—meaning the remote URL can directly control model prompts.