docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third-party content (e.g., fetch-docs.js constructs and GETs llms.txt from https://context7.com/... and the workflows also perform web searches, read public websites, and clone/analyze GitHub repositories and other public docs via the repo-analysis flow), so the agent will read and interpret untrusted, user-generated or public web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's fetch-docs.js retrieves llms.txt at runtime from context7.com (e.g., https://context7.com/{org}/{repo}/llms.txt?topic=...) and uses that fetched content to determine which documents/URLs agents will load and how they operate, so remote content from context7.com directly controls agent inputs and is a required runtime dependency.