context7
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends using
npx -y @context7/mcp-server. This command downloads and executes code from the npm registry at runtime without specific version pinning or integrity verification, which is a vector for remote code execution if the package or registry is compromised. - [COMMAND_EXECUTION] (LOW): The core workflow relies on the execution of shell commands (
curl,jq). While intended for documentation retrieval, it establishes a pattern of the agent interacting directly with the system shell. - [DATA_EXFILTRATION] (SAFE): Network activity is restricted to
context7.com. No access to sensitive local files or credentials was detected in the provided scripts. - [PROMPT_INJECTION] (LOW): The skill processes content fetched from an external API (
context7.com). - Ingestion points: Data enters the context via
curlresponses. - Boundary markers: None provided in the examples to distinguish between documentation and potential instructions.
- Capability inventory:
curl,jq,npx. - Sanitization: No evidence of sanitization or filtering of the fetched documentation before presenting it to the agent.
Audit Metadata