documentation-lookup
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill makes network requests to context7.com, which is not a pre-approved trusted source. This dependency introduces risks regarding the integrity of the documentation returned.
- COMMAND_EXECUTION (LOW): The skill utilizes curl and jq for API communication and data processing. While standard, executing shell commands based on user-provided library names or topics requires the agent to handle string escaping correctly to prevent shell injection.
- PROMPT_INJECTION (MEDIUM): Identified as an indirect injection vulnerability (Category 8) due to the ingestion of untrusted external content. * Ingestion points: Markdown-formatted documentation fetched from the context7.com API as described in SKILL.md. * Boundary markers: Absent; the skill does not provide instructions to the agent to treat fetched content as potentially adversarial or to use delimiters. * Capability inventory: The skill uses curl and jq subprocess calls to interact with external APIs. * Sanitization: There is no evidence of sanitization or validation of the markdown content before it is processed by the agent.
Audit Metadata