context7
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the context7.com API to search for libraries and retrieve documentation content (SKILL.md).
- [COMMAND_EXECUTION]: The workflow relies on the execution of shell commands, specifically curl and jq, to interact with external APIs and process the results (SKILL.md).
- [REMOTE_CODE_EXECUTION]: The skill documents an alternative setup using the Model Context Protocol (MCP) which involves running the @context7/mcp-server package via npx from the npm registry (SKILL.md).
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes external documentation content which is then used to generate responses for the user.
- Ingestion points: Documentation and search results fetched from https://context7.com/api/v1/ (SKILL.md).
- Boundary markers: None identified; external content is processed directly to answer questions.
- Capability inventory: Subprocess execution for curl and jq (SKILL.md).
- Sanitization: No specific sanitization or filtering of the retrieved documentation is described.
Audit Metadata