context7-efficient

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill performs unauthenticated and unpinned downloads of the @upstash/context7-mcp package using npx -y in scripts/fetch-docs.sh, scripts/fetch-raw.sh, and scripts/start-server.sh. This allows for the execution of arbitrary code from the NPM registry that is not subject to version control or integrity checks within the skill.
  • [COMMAND_EXECUTION] (HIGH): The orchestration scripts execute shell commands that incorporate user-provided variables into JSON strings used as command arguments. In scripts/fetch-docs.sh, the --library and --topic parameters are interpolated directly into a string passed to mcp-client.py. Maliciously crafted library names (e.g., using quotes or shell metacharacters) can break the JSON structure and potentially lead to command injection via the shell execution environment.
  • [REMOTE_CODE_EXECUTION] (HIGH): Through the use of npx -y and the processing of external documentation that could contain malicious instructions, the skill provides a pathway for system compromise.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Documentation is fetched from the Context7 API via scripts/fetch-raw.sh.
      • Boundary markers: There are no delimiters or 'ignore' instructions wrapping the fetched content when it is returned to the agent.
      • Capability inventory: The skill environment has the capability to execute shell commands, run Python scripts, and invoke network-connected tools like npx.
      • Sanitization: Scripts use awk and grep for token reduction, which does not provide security sanitization against adversarial instructions.
  • [NO_CODE] (MEDIUM): The foundational script scripts/mcp-client.py is referenced throughout the skill but is missing from the provided files, making the core communication and execution logic unverifiable.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:30 PM