context7
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to locate and read sensitive configuration files (.env) within the skill's installation directory to retrieve API keys. While this is used for legitimate configuration, providing specific paths to hidden files for agent access is a data exposure pattern.
- Evidence: SKILL.md contains instructions: 'IMPORTANT: CONTEXT7_API_KEY IS STORED IN THE .env FILE... SEARCH FOR IT THERE.' and provides paths like ~/.agents/skills/context7/.env.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it fetches and processes third-party documentation content without security boundaries.
- Ingestion points: Documentation strings retrieved from the context7.com API endpoint via scripts/context7.py.
- Boundary markers: Absent. Fetched content is displayed directly to the agent without delimiters or warnings to ignore embedded instructions.
- Capability inventory: The agent has the ability to execute python scripts and perform network operations through the provided skill scripts.
- Sanitization: Absent. The context7.py script does not validate or sanitize the content returned from the external API before outputting it.
Audit Metadata