context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls the remote Context7 MCP server (https://mcp.context7.com/mcp) via the resolve-library-id and get-library-docs tools to fetch up-to-date library documentation from external sources, so the agent ingests and acts on third‑party documentation that could contain instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls an external MCP HTTP server at https://mcp.context7.com/mcp at runtime (via createRuntime/createServerProxy) to fetch documentation that is injected into tool responses, so the remote content directly controls the agent's outputs and is a required dependency.