context7
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script (`scripts/context7.sh`) to interact with the Context7 REST API. It utilizes `curl` for network requests and `jq` for processing results. User-provided search queries and documentation topics are sanitized using URI encoding to prevent command or parameter injection.
- [DATA_EXFILTRATION]: The skill makes network requests to `https://context7.com` to retrieve documentation. It allows for an optional API key to be passed via the `CONTEXT7_API_KEY` environment variable for authentication, which is a standard credential management practice.
- [PROMPT_INJECTION]: The skill fetches external text (API documentation and code examples) from a remote service and provides it to the agent. This introduces a surface for indirect prompt injection:
  - Ingestion points: documentation content fetched via `scripts/context7.sh` from the context7.com API.
  - Boundary markers: Absent (the fetched content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands).
  - Capability inventory: The skill has access to shell tools (`curl`, `jq`) and file reading capabilities.
  - Sanitization: Inputs used to construct the API requests are URI-encoded, but the content returned from the API is not filtered for potential malicious instructions before being passed to the agent.
Audit Metadata