context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's resolve-library-id and query-docs tools call the external Context7 API (https://mcp.context7.com/mcp) to retrieve up-to-date documentation and code examples for arbitrary libraries, which the agent reads and uses to inform decisions, exposing it to untrusted third‑party content that could contain indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instantiates a client to the external MCP endpoint https://mcp.context7.com/mcp at runtime and fetches documentation/code results that are injected into the agent’s responses (i.e., remotely-provided content directly controls prompts and is required for the skill to function).