repomix
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to perform global installations using
npm install -g repomixandbrew install repomix. While 'repomix' is a known tool, these commands download and execute code from external registries (NPM/Homebrew) at runtime. - COMMAND_EXECUTION (MEDIUM): The skill frequently uses
npx repomixandrepomixcommands to process files. This involves executing a third-party CLI tool with various arguments, which could lead to arbitrary command execution if input patterns or file paths are maliciously crafted. - DATA_EXFILTRATION / INDIRECT PROMPT INJECTION (MEDIUM): The
--remoteflag allows the tool to fetch and process content from any owner/repo on GitHub (e.g.,npx repomix --remote owner/repo). - Ingestion points: Fetches entire remote repositories into the local environment and packages them for the AI.
- Boundary markers: None specified in the instructions for the packaged output.
- Capability inventory: The skill can read local files, fetch remote content, and write outputs to the filesystem or clipboard.
- Sanitization: While 'repomix' includes 'Secretlint' for sensitive data detection, the instructions explicitly show how to bypass this using
--no-security-check, increasing the risk of accidental exposure of credentials found in remote code. - METADATA POISONING (LOW): The skill description mentions security audits and analyzing third-party libraries, which might lead a user to over-trust the tool's ability to safely handle malicious codebases.
Audit Metadata