Skills
skills/arisng/github-copilot-fc/context7-cli/Gen Agent Trust Hub

context7-cli

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for installing the ctx7 CLI tool globally using npm install -g ctx7 or running it via npx ctx7. It details commands for skill discovery, installation, and generation.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of AI coding skills from the Context7 registry (context7.com). These downloads are the primary purpose of the skill and are directed to the vendor's official infrastructure.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the ingestion of external registry data.
  • Ingestion points: Content is fetched from context7.com via search and install commands in SKILL.md.
  • Boundary markers: No explicit delimiters are mentioned for the content retrieved from the registry.
  • Capability inventory: The CLI writes files to assistant-specific directories such as .claude/skills/ and .cursor/skills/.
  • Sanitization: The instructions do not specify a validation or sanitization process for the downloaded skills.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:17 PM