context7
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to fetch and process external library documentation using the
mcp__context7__get-library-docstool. This creates an ingestion surface for untrusted data from the web. - Ingestion points: External library documentation fetched via
mcp__context7__get-library-docs(SKILL.md). - Boundary markers: None explicitly defined to separate documentation content from agent instructions.
- Capability inventory: The skill has access to
Bash (*)andWritetools, which could be exploited if an attacker embeds instructions in public documentation (SKILL.md). - Sanitization: No sanitization or validation of the fetched documentation content is mentioned.
- [Command Execution] (LOW): The skill requests
Bash (*)permissions in theallowed-toolsmetadata. While no specific malicious scripts are included in the skill itself, the wildcard access allows for arbitrary command execution which should be restricted to the minimum necessary scope (SKILL.md).
Audit Metadata