Skills
skills/mxyhi/ok-skills/context7-cli/Gen Agent Trust Hub

context7-cli

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user or agent to install a global NPM package ctx7 or run it using npx, which introduces an external dependency from the public registry.
  • [EXTERNAL_DOWNLOADS]: The ctx7 skills install command allows the agent to fetch and install additional skill files from any GitHub repository specified in the /owner/repo format, potentially introducing unverified instructions into the agent's environment.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to manage documentation, skills, and configuration. The ctx7 setup command specifically modifies agent and IDE configuration files, such as .mcp.json, .cursor/mcp.json, and .opencode.json, to register tools or install skill files.
  • [PROMPT_INJECTION]: The skill processes external content via documentation retrieval, creating an attack surface for indirect prompt injection.
  • Ingestion points: External data enters the agent context through the results of the ctx7 docs command as described in references/docs.md.
  • Boundary markers: The documentation does not specify the use of delimiters or warnings to ignore instructions embedded within the retrieved documentation.
  • Capability inventory: The agent has the capability to execute shell commands, install NPM packages, modify local configuration files (references/setup.md), and download additional skills (references/skills.md).
  • Sanitization: There is no mention of sanitization, filtering, or validation of the documentation content retrieved from external sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 20, 2026, 01:03 PM