docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes public third‑party content—scripts/fetch-docs.js and the workflows use https/WebFetch to read llms.txt from context7.com (and fall back to official docs, GitHub repos, WebSearch results and community sites like Stack Overflow/Reddit) and then launches Explorer/Researcher agents to read and analyze those URLs, so untrusted web content is ingested and interpreted as part of the agent workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The fetch-docs.js script fetches llms.txt at runtime from https://context7.com/{…}/llms.txt (including topic variants like ?topic=) and the skill parses that content to produce the URL lists and agent-distribution instructions used to drive Explorer/Task agents, so the remote file directly controls agent prompts/behavior.