library-docs
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions suggest running 'npx -y @context7/mcp-server', which downloads and executes a package from the NPM registry. This package is not from a trusted organization or well-known service according to the security policy.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection as it ingests untrusted data from an external documentation service.
  - Ingestion points: Documentation is retrieved via the 'mcp__context7__get-library-docs' tool from external sources.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish fetched documentation content from system instructions or to ignore embedded commands.
  - Capability inventory: The skill is designed to work in conjunction with 'api-backend' and 'frontend-specialist' agents, which possess capabilities for file writing, system modification, and command execution.
  - Sanitization: The skill lacks mechanisms to sanitize or validate the documentation content before it is processed by the agent.
Audit Metadata