local-ref
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides templates for using the
curlutility to communicate with the Context7 API for documentation discovery and retrieval.\n- [EXTERNAL_DOWNLOADS]: The skill fetches documentation fromcontext7.comand other third-party documentation websites through the 'WebFetch' capability.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by caching external documentation locally indocs/reference/and instructing the agent to follow these cached files in subsequent sessions.\n - Ingestion points: Data is ingested from the Context7 API, arbitrary external documentation URLs, and local cache files.\n
- Boundary markers: There are no boundary markers or instructions to isolate or ignore potentially malicious instructions within the fetched content.\n
- Capability inventory: The agent possesses capabilities for shell command execution (
curl), filesystem read/write access, and project-level configuration modification (AGENTS.md).\n - Sanitization: No sanitization process is described for the content retrieved from external sources before it is saved and acted upon.
Audit Metadata