context7-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call query-docs (and optionally researchMode which "git-pull[s] the actual source repos plus a live web search") to fetch and incorporate public library documentation and source repos into answers, meaning the agent reads and acts on untrusted third‑party web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's researchMode explicitly performs git-pulls of external source repositories (remote git URLs — e.g., git@github.com:org/repo.git or https://raw.githubusercontent.com/...) at runtime and injects that fetched documentation into the agent context to drive its answers, so external repo content directly controls prompts.