context7-auto-research

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The instructions in SKILL.md (Step 2 and Step 4) direct the agent to execute a shell command via the Task tool using unsanitized user input. The skill wraps user-provided queries in double quotes inside a bash string (e.g., node ... search "<library-name>" "<user-query>"), which leaves it vulnerable to shell interpolation attacks, because double quotes do not stop the shell from performing command substitution. A malicious user could include characters like backticks or $(...) in their query to execute arbitrary code on the host system.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It ingests documentation from an external API (context7.com) and incorporates it into the agent's context without sanitization or boundary markers.
      • Ingestion points: External data returned by context7-api.js in Step 4.
      • Boundary markers: Absent. The skill provides no instructions to treat the documentation as untrusted or to use delimiters.
      • Capability inventory: The skill has access to Bash, Write, and Task tools, which could be exploited if malicious instructions are present in the fetched documentation.
      • Sanitization: Absent. No filtering or escaping is performed on the retrieved text before it is presented to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:08 PM