find-docs

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md requires calling the Context7 CLI (ctx7 library and ctx7 docs) to retrieve live documentation and code snippets from external/public libraries (Context7-indexed websites), so the agent will fetch and read untrusted third-party content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npm install -g ctx7@latest" or "npx ctx7@latest", which at runtime fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/ctx7) and then uses ctx7 docs queries to load external documentation that directly controls the agent's responses.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 05:19 AM
Issues: 2