context7-research
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/new_report.py) to generate markdown reports. This script performs file system operations, including creating directories and writing files to the local disk based on user-supplied input strings.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external documentation sources via the Context7 MCP. This content is used to populate report templates without sanitization.
  - Ingestion points: mcp__context7__query-docs tool output.
  - Boundary markers: None present to delimit untrusted documentation content.
  - Capability inventory: Local file writing via scripts/new_report.py (SKILL.md).
  - Sanitization: No validation or escaping of the retrieved documentation content is performed.
Audit Metadata