context7
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install or run the
ctx7package from the npm registry usingnpm install -gornpx. This is the core functionality of the skill. - [COMMAND_EXECUTION]: The skill relies on shell command execution to interact with the Context7 service via its CLI tool.
- [PROMPT_INJECTION]: The skill processes external content (technical documentation) which constitutes an indirect prompt injection surface. The instructions mitigate this risk by explicitly directing the agent to exclude sensitive or proprietary information from queries.
- Ingestion points: Data is ingested through the standard output of
ctx7 libraryandctx7 docscommands. - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: The agent utilizes shell execution capabilities.
- Sanitization: No automated sanitization is described, but explicit instructional constraints are provided to the agent.
Audit Metadata