repomix
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses various CLI tools and package managers for repository processing and automation.
  - Instructions in SKILL.md guide the agent to execute commands such as repomix, bun, npx, and brew.
  - The scripts/repomix_batch.py and scripts/benchmark_performance.py scripts use Python's subprocess.run to invoke these tools programmatically.
- [EXTERNAL_DOWNLOADS]: The skill retrieves remote code as a core feature of the packaging tool.
  - It supports the repomix --remote flag to fetch and bundle repository content directly from GitHub or other external URLs.
  - The benchmark script performs test executions against the public octocat/Hello-World repository as a reference.
- [PROMPT_INJECTION]: The skill describes a workflow for reconstructing repositories from packed bundles, which serves as an indirect prompt injection surface.
  - It instructs the agent to parse XML, Markdown, or JSON data provided in a bundle and use the Write tool to recreate the directory hierarchy and file contents.
  - While this is a primary feature for restoring context, it depends on the agent processing data from potentially untrusted bundles supplied by external sources.