context7-efficient

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads and executes the '@upstash/context7-mcp' package from the npm registry using npx in scripts like 'fetch-docs.sh' and 'start-server.sh'. Upstash is not a trusted organization according to the security guidelines, which constitutes a high-risk unverifiable external dependency.
  • COMMAND_EXECUTION (HIGH): Scripts such as 'fetch-docs.sh' and 'fetch-raw.sh' interpolate user-supplied library names and topics directly into shell commands. Because these variables are not escaped or sanitized before being placed inside double-quoted arguments, an attacker or a malicious prompt could provide inputs that break out of the shell command structure to execute arbitrary commands on the host system.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes external documentation from a remote server without using boundary markers or text sanitization.
      1. Ingestion points: 'fetch-docs.sh' via the Context7 MCP server response.
      2. Boundary markers: None present.
      3. Capability inventory: Subprocess execution of shell scripts, Python, and npx.
      4. Sanitization: While the skill uses awk and grep to filter for code blocks, it does not sanitize the text for embedded instructions that could influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:27 PM