Skills
skills/mxyhi/ok-skills/context7-cli/Gen Agent Trust Hub

context7-cli

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the ctx7 package globally from the NPM registry or run it via npx. This is the primary method for distributing the tool.
  • [EXTERNAL_DOWNLOADS]: The ctx7 skills install command facilitates downloading markdown-based skill definitions from arbitrary GitHub repositories (using the /owner/repo format).
  • [COMMAND_EXECUTION]: The skill relies on executing the ctx7 binary with various subcommands (library, docs, skills, setup, login) to perform its functions, which includes modifying agent configuration files (e.g., .mcp.json, .cursor/mcp.json).
  • [DATA_EXFILTRATION]: The ctx7 skills suggest command reads local project manifest files (such as package.json, requirements.txt, Cargo.toml, and go.mod) to recommend relevant skills based on project dependencies. This involves processing local file names and contents.
  • [PROMPT_INJECTION]: The skill's ability to install third-party instructions (skills) from GitHub repositories into the agent's environment creates a surface for indirect prompt injection, as the agent may subsequently follow instructions contained within those markdown files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:52 AM