context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch live documentation and code examples from the public Context7 REST API (e.g., curl "https://context7.com/api/v1/search" and "https://context7.com/api/v1/docs") and to "Use the returned documentation to answer", meaning untrusted third-party content from that site is read and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill issues runtime curl requests to Context7's REST API (e.g., https://context7.com/api/v1/search and https://context7.com/api/v1/docs?library=&topic=&mode=) and uses the fetched documentation directly to drive and shape agent responses, so these runtime fetches are external dependencies that control the agent's output.