context7-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill's primary purpose is to install and execute code from remote repositories via
npx ctx7 skills install. This allows the agent to download and run arbitrary code based on user-provided or search-discovered repository paths. - COMMAND_EXECUTION (MEDIUM): The skill mandates the direct execution of shell commands (
npx ctx7 ...) and explicitly forbids the agent from merely printing the command for user review. This 'execution-first' policy reduces human-in-the-loop oversight. - INDIRECT PROMPT INJECTION (LOW): The skill ingests untrusted data from search results and requires the agent to display it 'as-is' without sanitization.
- Ingestion points: The output of
npx ctx7 skills searchis processed and displayed to the user. - Boundary markers: None are specified; entries are handled as raw text.
- Capability inventory: The agent has shell execution capabilities via the
npxcommand. - Sanitization: Explicitly forbidden by the instruction to 'preserve the entry text as-is'.
- EXTERNAL_DOWNLOADS (LOW): The skill uses
npx, which dynamically fetches and executes packages from the npm registry. Whilectx7is the intended package,npxbehavior can be influenced by registry state or typosquatting.
Audit Metadata