context7-auto-research

SUSPICIOUS. The stated purpose is coherent, but the trust model is weak: a community skill is installed transitively from a personal GitHub repo, then may receive an API key and execute local repo code. No confirmed malicious behavior is shown, but the install path and credential forwarding are disproportionate enough to warrant caution.