repomix
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like 'mkdir', 'rm', and 'bunx' to manage the lifecycle of codebase bundles within specified local directories. These operations are consistent with the skill's purpose of preparing repository context.
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'repomix' package from the NPM registry using 'bunx'. It also supports packing remote GitHub repositories using the '--remote' flag, which allows for context retrieval from external sources.
- [SAFE]: Security is addressed through default exclusion of sensitive directories such as '.git', '.prompts', and '.claude', as well as the integration of 'secretlint' to scan for hardcoded credentials before bundle generation.