codebase-packager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and pack remote public repositories and URLs (e.g., "repomix --remote https://github.com/org/repo" and "gitingest https://github.com/org/library" in references/repomix-gitingest-mastery.md and is referenced in SKILL.md delegation), meaning untrusted, user-generated code/pages would be ingested and read as part of the agent's workflow and could therefore carry malicious or instructional content that influences subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents runtime commands that fetch and pack remote GitHub repositories (e.g., repomix --remote https://github.com/org/repo and gitingest https://github.com/org/library) and exposes Repomix via MCP (npx -y repomix --mcp), meaning external repo content is fetched during runtime and injected into the LLM context or executed by tooling, so these URLs can directly control prompts/execute code.