context7
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to https://context7.com to search for libraries and fetch documentation snippets.
- [COMMAND_EXECUTION]: The skill utilizes curl and jq within the bash environment to interact with external APIs and parse JSON responses.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it ingests and processes untrusted documentation content from a third-party API.
  - Ingestion points: Documentation text and JSON results retrieved from the Context7 API endpoints as described in SKILL.md.
  - Boundary markers: None; the skill does not specify the use of delimiters or 'ignore' instructions when processing external content.
  - Capability inventory: The agent has the capability to execute shell commands (curl, jq), which could be leveraged if malicious instructions are present in the documentation.
  - Sanitization: The skill does not implement validation or filtering to sanitize documentation content before it is incorporated into the agent's context.
Audit Metadata