_SYS_REPO is a system user. Its schema is a system schema. You don’t touch any of those.
When you create new application schemas in your security context, e.g. under your user, then it’s necessary to grant _SYS_REPO the SELECT WITH GRANT privilege on your schema, if you want to build and activate models that read from your schema.
Think of _SYS_REPO as “the activation guy”. It takes your models and creates the necessary runtime objects from them (_SYS_BIC schema, several BIMC_*-tables and other places keep these runtime information). Now, after having activated all your models that access data in your schemas,_SYS_REPO wants to give you (and probably other users) read access to the activated models. Part of that is allowing read access to your data.
That’s what _SYS_REPO needs the privilege for your schema for. Allowing others the access to your schema.
Since not all schemas in the database will be used in models, there is no automatic assignment of this privilege to _SYS_REPO.
As part of your security strategy you need to actively assing _SYS_REPO the permission to every schema you want to build models on.