documentation-lookup
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests documentation from the public context7.com API (and falls back to arbitrary web search), so the agent reads untrusted third-party content (markdown from external docs) as part of its workflow, which exposes it to indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill issues runtime fetches to https://context7.com/api/v2/... (e.g., "https://context7.com/api/v2/search" and "https://context7.com/api/v2/docs/code{library_id}"), and the fetched markdown documentation snippets are injected into the agent’s context, where they directly control prompts/responses, making this a required remote-content dependency.