moai-context7-integration
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses `os.getenv('CONTEXT7_API_KEY')` to securely manage credentials, avoiding hardcoded secrets. Network communication is directed solely to the service's official API endpoint.
- [EXTERNAL_DOWNLOADS]: Fetches library documentation and metadata from `api.context7.com`. These operations are transparent and consistent with the skill's stated purpose of documentation research.
- [COMMAND_EXECUTION]: Performs file system modifications using the `pathlib.Path` module to update local code examples and documentation files. These actions are scoped to the project's documentation directories.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Reads data from local MDX files and code examples via `read_text()` methods in the `NextraContext7Enhancer` and `CodeExampleManager` classes.
  - Boundary markers: Utilizes `re.escape` to ensure that library names and patterns are handled safely during regex substitution.
  - Capability inventory: Includes file read/write permissions and network access to the Context7 API.
  - Sanitization: Employs standard string manipulation and regex-based extraction to isolate and update documentation blocks.
Audit Metadata