context7
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [External Network Communication] (LOW): The skill makes curl requests to context7.com. This is not a whitelisted domain, although it is necessary for the skill's primary function of documentation retrieval.
- [Command Execution] (LOW): The skill relies on executing system commands (curl and jq) to perform its tasks. These commands are constructed using user-provided parameters (library name, query).
- [Indirect Prompt Injection Surface] (LOW): The skill fetches documentation from an external source and injects it into the agent's context. An attacker who can control the content on the documentation source could theoretically embed malicious instructions.
  - Ingestion points: Data enters via the curl response from context7.com/api/v2/context in SKILL.md.
  - Boundary markers: Absent. The skill does not instruct the agent to ignore instructions found within the retrieved documentation.
  - Capability inventory: Uses curl and jq via subprocess/command execution.
  - Sanitization: Absent. The output is used directly without escaping or filtering.
Audit Metadata