context7
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The script `scripts/context7.sh` makes network requests to `https://context7.com`. Although this domain is not on the standard whitelist, the operations are restricted to the skill's primary purpose of retrieving documentation. There is no evidence of unauthorized exfiltration of sensitive local data or credentials.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by design.
  1. Ingestion points: External documentation is retrieved via `curl` in `scripts/context7.sh`.
  2. Boundary markers: There are no explicit markers or instructions used to isolate the fetched documentation from the agent's instructions.
  3. Capability inventory: The skill has the capability to perform network requests via `curl`.
  4. Sanitization: While user-supplied parameters are URL-encoded using `jq`, the documentation text returned from the Context7 API is not sanitized or filtered before being presented to the agent.
Audit Metadata