context7-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly resolves and fetches documentation from public Context7 MCP/REST endpoints (e.g., https://mcp.context7.com/mcp and https://context7.com/api/v2 as shown in SKILL.md and scripts/docs.sh), retrieving documentation for arbitrary npm libraries that the agent ingests and uses to drive its workflow, so untrusted third‑party content could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the Context7 endpoints at runtime (fallback URL https://mcp.context7.com/mcp and direct API https://context7.com/api/v2) to fetch documentation that is injected into the agent context (and also invokes npx mcporter at runtime which can fetch and run remote tooling), so external content fetched from those URLs can directly influence prompts or execute remote code.