repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports processing remote, public repositories (e.g., SKILL.md "Remote Repository Support" examples, references/usage-patterns.md, and scripts/repomix_batch.py which builds and runs "npx repomix --remote <owner/repo>" or full GitHub URLs), so it will fetch and ingest untrusted, user-generated third‑party code from public sites as part of its workflow, allowing that content to materially influence subsequent analysis or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes repomix at runtime (including via "npx repomix --remote https://github.com/owner/repo") and references the external repository URL https://github.com/yamadashy/repomix, meaning it can fetch and execute remote code (npx loads and runs the repomix package) and fetch repository content that could be injected into model context, so this external URL/remote execution is a runtime dependency that poses risk.