setup-context7-mcp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from an external GitHub README and uses it to guide the agent's setup process. Since the skill has the capability to write to project and global configuration files (./CLAUDE.md, ~/.claude/CLAUDE.md), an attacker could modify the remote README to inject malicious instructions that would then be persisted in the agent's context.
  1. Ingestion points: upstash/context7 README via raw.githubusercontent.com.
  2. Boundary markers: Absent.
  3. Capability inventory: File-write operations to local and user-level configuration paths.
  4. Sanitization: Absent.
- [External Downloads] (MEDIUM): The skill downloads content from a GitHub repository (upstash/context7) that is not on the trusted source list.
Recommendations
- AI detected serious security threats
Audit Metadata