docs-lookup
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from the `query-docs` tool output, creating an indirect prompt injection surface.
  - Ingestion points: Documentation snippets returned from the `query-docs` MCP tool.
  - Boundary markers: Absent; the retrieved content is used directly to generate the final response without isolation or safety instructions.
  - Capability inventory: MCP tools are typically executed in environments like Cursor or Claude Code, which may provide file system and terminal access.
  - Sanitization: No validation or sanitization is performed on the documentation data retrieved from the external service.
- [DATA_EXFILTRATION]: User queries are transmitted to the external Context7 MCP service for processing.
  - Evidence: User-supplied queries are passed as arguments to the `resolve-library-id` and `query-docs` tools.
  - Mitigation: The skill provides explicit instructions in the README and SKILL.md for the agent to remove sensitive credentials (API keys, passwords, tokens) from the query string before transmission to the service.
Audit Metadata