context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and read documentation from the public Context7 API (e.g., curl calls to https://context7.com/api/v2/libs/search and https://context7.com/api/v2/context), which returns third‑party public website documentation the agent is expected to interpret and that can materially influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime curl requests to https://context7.com/api/v2/... to fetch documentation that would be injected into the agent's context and thus directly control prompts/instructions (a required dependency for the skill).