repomix
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/repomix_batch.py safely invokes the repomix and npx CLI tools using subprocess.run with argument lists, which prevents shell injection.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading remote repository content from GitHub and other sources via the repomix --remote command, which is necessary for its primary function.
- [REMOTE_CODE_EXECUTION]: The tool utilizes npx to execute the repomix package directly from the npm registry. This is a standard and expected behavior for the tool.
- [SAFE]: The skill contains a binary file scripts/.coverage, which is an SQLite database generated by the Python coverage module and does not contain malicious code.
Audit Metadata