context7-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example passing an API key on the command line (context7-cli -k "ctx7sk_xxx"), which instructs embedding the secret verbatim in generated commands and thus requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the context7-cli fetches up-to-date library documentation from Context7 using commands like "context7-cli docs" and "search", which ingests public third-party documentation and code examples that the agent will read and could materially influence its actions or tooling decisions.