context7-auto-research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (MEDIUM): The installation instructions use npx skills add -g BenedictKing/context7-auto-research, which downloads and executes code from a GitHub repository owned by an untrusted user. This source is not on the predefined list of trusted organizations or repositories.
- Indirect Prompt Injection (LOW): The skill is designed to fetch documentation and data from an external API (Context7). This data is considered untrusted and could potentially contain malicious instructions intended to manipulate the agent's output or behavior.
  - Ingestion points: Data returned from the Context7 API.
  - Boundary markers: None identified in the skill definition.
  - Capability inventory: The skill provides external research data to the LLM context within Claude Code.
  - Sanitization: No sanitization or validation of the fetched documentation is described.
Audit Metadata