context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to fetch and ingest documentation and ranked code snippets from the public Context7 API (e.g., GET https://context7.com/api/v2/libs/search and https://context7.com/api/v2/context) and to read and present that third‑party content as part of its workflow, which could contain untrusted instructions that influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime GET requests to https://context7.com/api/v2/libs/search and https://context7.com/api/v2/context to fetch documentation and code snippets that are injected into the agent's context and thus can directly control prompts/instructions.