Skills
skills/jokejason/local-context7/build-my-context7/Gen Agent Trust Hub

build-my-context7

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches content from external URLs and GitHub repositories using curl and git based on local manifest files. No domain whitelisting or source verification is enforced.
  • [COMMAND_EXECUTION] (LOW): Utilizes the shell command 'ls' to discover manifest files within the .claude/skills/ directory.
  • [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection (Category 8). Evidence: 1. Ingestion points: External documentation files downloaded via curl and git. 2. Boundary markers: Absent. 3. Capability inventory: Spawns manifest-processor sub-agents and utilizes networking tools (curl, git). 4. Sanitization: None; the 'AI filtering' step is susceptible to instructions embedded in the downloaded content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:18 PM