context7
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to tools that ingest external data. It retrieves documentation and code snippets from a remote API and provides them to the agent.
- Ingestion points: Data is ingested through the
resolve-library-idandquery-docstools inapp.py, which fetch content fromhttps://mcp.context7.com/mcp. - Boundary markers: The skill does not implement explicit boundary markers or 'ignore embedded instruction' warnings when passing external content back to the agent.
- Capability inventory: The skill's capabilities are limited to network communication with the specific Context7 API endpoint and local JSON processing.
- Sanitization: While the tool performs JSON parsing and error handling, it does not sanitize the retrieved natural language text for potential instruction-based attacks.
- [DATA_EXFILTRATION]: The skill transmits user queries to the external domain
mcp.context7.com. This is the documented primary purpose of the skill and is required for functionality. - The author has included explicit warnings in
SKILL.mdand the tool parameter descriptions advising users not to include sensitive or confidential information in their queries.
Audit Metadata