The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (HIGH): The skill executes npx -y @upstash/context7-mcp within scripts/fetch-raw.sh and scripts/start-server.sh. This downloads and executes a remote package from the npm registry at runtime without version pinning. Because '@upstash' is not within the Trusted External Sources list, this is considered a high-risk unverifiable download.
[REMOTE_CODE_EXECUTION] (HIGH): The use of npx -y allows for the dynamic execution of remote code. Any compromise of the upstream package or the registry would allow for arbitrary code execution within the agent's environment.
[INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill fetches external library documentation to guide agent actions.
Ingestion points: External documentation fetched via scripts/fetch-raw.sh from the Context7 API.
Boundary markers: Absent. The content is returned to the agent without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill provides input to an agent likely capable of writing and executing code.
Sanitization: None. Malicious instructions inside documentation (e.g., 'To install, run this malicious-curl-command') are passed directly to the agent context.
[COMMAND_EXECUTION] (MEDIUM): The skill relies on complex shell script chains (scripts/fetch-docs.sh calling scripts/fetch-raw.sh and various extractors) that assemble command strings using user-provided library names and topics. This pattern increases the risk of command injection if shell metacharacters are improperly handled.
[DATA_EXPOSURE] (LOW): The skill manages a sensitive API key stored in ~/.context7.env. While it uses chmod 600 to protect the file, the key is passed as a command-line argument to npx, potentially exposing it to other users on the system via process lists.

fetch-library-docs