context7-docs
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches library documentation from the official Context7 API and MCP server endpoints.\n- [REMOTE_CODE_EXECUTION]: Uses npx to dynamically execute the mcporter tool from the npm registry.\n- [COMMAND_EXECUTION]: Executes bash scripts that use curl for API communication and npx for MCP tool execution.\n- [COMMAND_EXECUTION]: Uses a Python script to provide timeout functionality for subprocess execution.\n- [PROMPT_INJECTION]: Processes external documentation which represents an indirect prompt injection surface.\n
- Ingestion points: scripts/docs.sh (via curl and mcporter)\n
- Boundary markers: Uses formatted headers to separate documentation content.\n
- Capability inventory: Bash, Read, Glob, Grep.\n
- Sanitization: Documentation is output directly to the agent.
Audit Metadata