context7
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands using curl and jq. While these are used legitimately for API interaction and JSON parsing, they represent a standard command execution surface.
- [EXTERNAL_DOWNLOADS] (LOW): The skill connects to https://context7.com to retrieve data. This domain is not on the predefined trusted list, but it matches the stated purpose of the skill. No executable code is downloaded.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Documentation snippets are fetched from the external Context7 API (SKILL.md).
  - Boundary markers: None. Fetched content is not delimited or wrapped in instructions to ignore embedded commands.
  - Capability inventory: The agent uses the retrieved documentation to inform its responses and reasoning. There is no direct file-write or secondary subprocess execution on the fetched data itself.
  - Sanitization: No sanitization or filtering is performed on the retrieved documentation text before it enters the agent's context.
Audit Metadata