context7

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill calls the external Context7 MCP service at https://mcp.context7.com/mcp (via the resolve-library-id and get-library-docs tools) to retrieve public library documentation and code examples from third‑party/open web sources, so the agent will ingest and interpret untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill creates a runtime server proxy that calls https://mcp.context7.com/mcp at runtime (via createRuntime/createServerProxy and proxy.getLibraryDocs / proxy.resolveLibraryId), so responses fetched from that URL are directly used as tool output that will steer the agent's prompts/responses.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:46 PM