mcp-context7

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires a runtime connection to the external Context7 MCP server (configured as "context7" in .vscode/mcp.json / @upstash/context7-mcp) to fetch documentation snippets that are injected into the agent context and therefore can directly control prompts/instructions.