context7-efficient
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx -y @upstash/context7-mcpinscripts/start-server.shandscripts/fetch-docs.shto download and execute the Context7 MCP server from the NPM registry. Upstash is recognized as a well-known technology provider, and NPM is a trusted registry. - [COMMAND_EXECUTION]: The Python utility
scripts/mcp-client.pyutilizessubprocess.Popenwithshell=Trueto execute the MCP server command. While the command is hardcoded within the skill's orchestrator scripts (fetch-docs.sh), the use ofshell=Trueis a noted capability for command execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted documentation from external libraries.
- Ingestion points: Documentation is fetched from the Context7 MCP server via
scripts/fetch-raw.sh. - Boundary markers:
scripts/fetch-docs.shadds Markdown headers such as '## Code Examples' and '## API Signatures' to delineate content, but does not provide explicit 'ignore instructions' delimiters. - Capability inventory: The skill can execute shell commands via
npx, manage local processes (start/stop server), and perform network requests via the Python client's HTTP transport. - Sanitization: Content is filtered using
awk,grep, andsedto extract technical details, which reduces the volume of text but does not specifically sanitize or escape potential natural language instructions embedded in the documentation.
Audit Metadata