context7-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated third-party content—references/docs.md describes calling "ctx7 docs" to retrieve up-to-date library documentation and references/skills.md and SKILL.md state you can "install skills from any GitHub repository (/owner/repo)" and that ctx7 setup writes a rule/skill guiding the agent to use these commands, meaning the agent will read/interpret that external content which can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The ctx7 CLI can fetch and install skills from GitHub-style repositories at runtime (e.g., /anthropics/skills), which downloads Markdown "skill" files that are injected into an agent's skills directory and therefore directly control agent prompts/instructions.