context7
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and README.md explicitly instruct using the Context7 API (e.g., curl to https://context7.com/api/v2/libs/search and /api/v2/context) and the ExternalScout flow to fetch live, public documentation from third-party websites (library-registry.md links to external docs), which the agent reads and uses to make decisions and produce code, creating a clear path for untrusted third‑party content to influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime fetching of documentation from the Context7 API (e.g. https://context7.com/api/v2/libs/search?libraryName=... and https://context7.com/api/v2/context?libraryId=...&query=...) via curl and those results are intended to be injected into the agent's context to determine its responses, so the external content directly controls prompts.
Audit Metadata