context7-auto-research
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation command 'npx skills add -g BenedictKing/context7-auto-research' fetches code from an external GitHub repository that is not included in the trusted vendors list.
- [EXTERNAL_DOWNLOADS]: There is a discrepancy between the provided skill author ('claudiodearaujo') and the repository owner specified in the installation command ('BenedictKing'), which may indicate an unverifiable or deceptive source of code.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of code via 'npx' from an unverified third-party repository, which could allow arbitrary code to run on the user's system without prior verification.
Audit Metadata