Context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill invokes Context7Client (e.g., Tools/src/cli/lookup.ts and Tools/src/cli/query.ts) to fetch and print rawContent and documentation snippets (including snippet URLs) from Context7's aggregated public library documentation (open third‑party sites), which the agent reads and synthesizes into responses, exposing it to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instantiates a Context7Client and at runtime calls client.resolveLibrary / client.queryDocs to fetch documentation from Context7 (see the referenced URL https://context7.com/dashboard), and those fetched docs are injected into the agent's output synthesis—i.e., external content from context7.com directly influences prompts/responses at runtime.