dev-docs-fetch
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a restricted set of Bash commands (find, stat, mkdir, date, ls) exclusively for cache management and file metadata verification. These operations are scoped to the internal output directory and do not involve arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: Technical documentation is retrieved from the Context7 MCP service. This is the primary purpose of the skill and is handled via standard MCP tool interfaces. There is a mandatory 'HARD STOP' requiring user approval before any external requests are made.
- [PROMPT_INJECTION]: The skill follows a structured protocol and does not contain any instructions attempting to bypass safety filters or override agent behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources (Context7 API and user-provided tech stack files), establishing an indirect prompt injection surface. 1. Ingestion points: Documentation is ingested from external Context7 API calls and the local tech.md file. 2. Boundary markers: Content is stored in markdown files with YAML frontmatter delimiters to separate metadata from documentation content. 3. Capability inventory: The skill has permissions for file writing and restricted system utilities. 4. Sanitization: The skill stores documentation as raw markdown, relying on the host agent's safety guardrails when processing the files later.
Audit Metadata