moai-context7-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests external documentation from the public Context7 API (see Section 2: Context7Client.get_library_docs and search_documentation at https://api.context7.com/v1) and then reads and acts on that content to enhance MDX, sync/update example files, validate documentation, and drive recommendations (e.g., NextraContext7Enhancer.enhance_mdx_content and CodeExampleManager.update_example_file), so third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime fetches from the Context7 API (base URL https://api.context7.com/v1) and injects the returned documentation into agent outputs and content-enhancement flows, meaning external data fetched at runtime directly influences prompts/instructions and is required for the skill to function.