context7
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill initiates network connections to context7.com, which is an external domain not recognized as a trusted or well-known service provider in the analysis framework.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and presents content from an external source without implementing security boundaries or sanitization.
  - Ingestion points: External library documentation and search results fetched from the Context7 API as described in SKILL.md.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from executing commands that might be embedded in the documentation.
  - Capability inventory: The skill's capabilities are limited to making HTTP GET requests and displaying text; no file system access, shell execution, or credential usage is requested.
  - Sanitization: There is no requirement for the agent to sanitize or validate the API response content before processing or presenting it to the user.