context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md workflow explicitly instructs the agent to query the public Context7 API endpoints (https://context7.com/api/...) to fetch documentation/snippets for libraries, which the agent is expected to read and act on, exposing it to untrusted third-party content that could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime requests to https://context7.com/api/v2/context (and the related /api/v2/libs/search) and injects the returned documentation into the agent’s context to drive responses, meaning remote content is fetched at runtime and directly controls the agent’s prompts and is a required dependency.