Skills
skills/kwazema/claude-skills/kw-find-docs/Gen Agent Trust Hub

kw-find-docs

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation or execution of the ctx7 package from the NPM registry.
  • [COMMAND_EXECUTION]: Shell commands are used to invoke the Context7 CLI tool (ctx7 library and ctx7 docs) to fetch documentation and resolve library identifiers.
  • [PROMPT_INJECTION]: The skill ingests documentation data from an external source, presenting an indirect prompt injection surface.
  • Ingestion points: Documentation content is retrieved via CLI output from ctx7 docs as defined in SKILL.md.
  • Boundary markers: The skill lacks explicit delimiters or instructions to treat the retrieved documentation as untrusted data.
  • Capability inventory: The agent uses retrieved information to generate code and verify API signatures, which are sensitive operations.
  • Sanitization: There is no evidence of sanitization or validation of the content returned by the external CLI tool before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:53 PM