What happened
Repomix's shallow-clone helper failed to sanitize a user-controllable branch-name parameter before passing it to git commands, permitting git option injection.
Why it matters
Repomix is widely used by developers to package repository contents for LLM context windows; option injection during the clone step of an AI tooling pipeline can lead to code execution when packing an untrusted third-party repository.
Attack vector
src/core/git/gitCommand.ts's execGitShallowClone function passes a --remote-branch value directly to git fetch and git checkout without validation or an --end-of-options separator, allowing an attacker-supplied branch name to inject additional git options such as --upload-pack, potentially leading to command execution during the clone.
Affected systems
Repomix prior to 1.14.1
Mitigation
Upgrade to Repomix 1.14.1 or later.