context7
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from the external API endpoint at
https://context7.com/api/v2/context. While this is the intended purpose, it involves retrieving data from a source not on the pre-approved trusted list. - [COMMAND_EXECUTION]: The skill documentation provides examples of using
curlto interact with the API and save output to local files (e.g.,react-hooks.md). If the agent implements these commands by directly interpolating user input into the shell string without proper escaping, it could lead to command injection. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests documentation from an external source and provides it to the agent's context. Maliciously crafted documentation could attempt to override agent instructions.
- Ingestion points: API responses from
https://context7.com/api/v2/contextdescribed inSKILL.md. - Boundary markers: Absent; no specific delimiters or warnings are instructed to be used when handling the documentation content.
- Capability inventory: The skill utilizes network access and file system writes via
curlshell commands. - Sanitization: None; the skill does not specify any validation or filtering of the content returned by the API before processing it.
Audit Metadata