repomix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Remote Repository Support" (e.g., examples like npx repomix --remote https://github.com/owner/repo and --remote owner/repo) explicitly fetches and ingests public GitHub/remote repositories (untrusted, user-generated content) and then reads/packages that content for LLM consumption, enabling indirect prompt injection.