docs-seeker

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill automatically fetches and ingests public llms.txt and documentation URLs from context7.com (with fallbacks to public websites and GitHub repos), and its scripts/agents (fetch-docs.js, analyze-llms-txt.js and the described WebFetch/Explorer agent workflow) are expected to read and process that untrusted third-party content, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The fetch-docs.js script performs runtime HTTPS GETs to https://context7.com/{...}/llms.txt (and similar llms.txt endpoints). The returned llms.txt content is parsed and used to determine which URLs agents fetch and how agents are instructed/distributed, so remote content directly controls agent behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:27 PM