context7-docs

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx --yes mcporter to run the MCPorter tool. This command downloads the package from the official npm registry if it is not already available locally.
  • [COMMAND_EXECUTION]: The scripts/docs.sh file uses several system tools including curl for making network requests and python for JSON parsing and timeout management. These are used for the skill's documented purpose.
  • [COMMAND_EXECUTION]: A Python heredoc is used in the run_mcporter function to implement a timeout for external commands. This is implemented safely using subprocess.run with an argument list, which prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill retrieves documentation from the Context7 service, which constitutes an ingestion point for external data.
      • Ingestion points: External documentation text fetched from context7.com and mcp.context7.com.
      • Boundary markers: None; the documentation content is returned directly to the agent context.
      • Capability inventory: The skill manifest allows the use of Bash, Read, Glob, and Grep tools.
      • Sanitization: The documentation is returned as-is from the source, which is expected for a documentation fetching tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 07:26 AM