context7
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests data from an external API, which could contain instructions designed to influence the agent's behavior.
- Ingestion points: Documentation snippets are retrieved from https://context7.com/api/v2/context (SKILL.md).
- Boundary markers: No boundary markers or 'ignore' instructions are used to wrap the retrieved content.
- Capability inventory: The skill uses curl and jq to perform network requests and parse output.
- Sanitization: There is no evidence of sanitization or validation performed on the retrieved documentation.
- Data Exposure & Exfiltration (LOW): The skill performs network operations to context7.com, which is not included in the provided whitelist of trusted domains.
- Evidence: The SKILL.md file contains multiple curl commands targeting context7.com to search for and fetch documentation.
Audit Metadata