context7

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)

Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill is rated HIGH due to the presence of a hardcoded API key directly within the Python script. This key is exposed and could be misused if compromised. The skill also performs network requests to an external, non-whitelisted domain using this key, which constitutes data exfiltration of the key itself and user query data.

Total Findings: 3

🔴 HIGH Findings:

  • Hardcoded API Key
    scripts/context7.py:13: API_KEY = os.environ.get("CONTEXT7_API_KEY", "ctx7sk-d6069954-149e-4a74-ae8f-85092cbfcd6f")
    The script contains a hardcoded default API key. While it attempts to load from an environment variable, the fallback is a static, exposed value. This is a significant security vulnerability as the key is visible to anyone inspecting the skill files and could be compromised or misused.

  • External Network Communication with Exposed API Key
    scripts/context7.py:17: API_BASE = "https://context7.com/api/v2"
    The skill makes network requests to https://context7.com/api/v2, an external domain not on the trusted whitelist. These requests are authenticated using the hardcoded API key, meaning the key is transmitted to this external service along with user-provided query data. This combines credential exposure with data exfiltration to a third party.

ℹ️ LOW Findings:

  • Indirect Prompt Injection Risk
    SKILL.md
    The skill's purpose is to fetch documentation from an external API based on user queries. As such, there is an inherent informational risk of indirect prompt injection if the context7.com API were to return malicious content designed to influence the LLM's behavior. This is a general risk for skills that process external, user-influenced data.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 09:44 AM