context7
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves documentation from an external API (context7.com) which is then processed by the agent, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the agent context via curl responses from the /api/v2/context endpoint as defined in SKILL.md.
- Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions contained within the retrieved documentation.
- Capability inventory: The skill uses curl to fetch external content; the agent then interprets the resulting markdown.
- Sanitization: The skill does not perform sanitization, filtering, or validation on the retrieved content before it is processed.
- [DATA_EXFILTRATION]: The skill transmits an API key provided via the CONTEXT7_API_KEY environment variable to the context7.com domain in the Authorization header. This is the intended authentication mechanism for the described documentation service.
Audit Metadata