context7-2
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): A hardcoded API key ctx7sk-d6069954-149e-4a74-ae8f-85092cbfcd6f is used as a default value in scripts/context7.py. Hardcoding credentials allows anyone with access to the code to use the service on the author's behalf and is a major security risk.
- [DATA_EXFILTRATION] (LOW): The script communicates with https://context7.com/api/v2. While this is consistent with the skill's stated purpose of fetching documentation, it involves sending search queries and identifiers to an external, non-whitelisted domain.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing a local Python script (scripts/context7.py) to perform its tasks. This is the intended design but represents a local command execution surface.
- [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill fetches and processes library documentation from an external API, which could be manipulated by an attacker to include malicious instructions.
  - Ingestion points: The get_context function in scripts/context7.py returns documentation text from the Context7 API.
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the fetched documentation as untrusted data.
  - Capability inventory: The agent can execute local Python scripts and make network requests through this skill.
  - Sanitization: None. The API response is returned as-is to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata