context7
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scripts/context7.py) to interface with the Context7 API. These commands are restricted to searching for libraries and fetching documentation snippets. - [CREDENTIALS_UNSAFE]: The skill correctly manages its API key by requiring it to be set in an environment variable (
CONTEXT7_API_KEY) rather than hardcoding it. It provides clear instructions for the user to set this variable. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to
https://context7.comto retrieve documentation. This is the primary and expected function of the skill, and the domain is the official endpoint for the service described. - [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. The skill only sends search queries and library IDs to the API and retrieves documentation content.
- [PROMPT_INJECTION]: The instructions do not contain any patterns attempting to bypass safety filters or override agent behavior. The logic focuses entirely on documentation retrieval workflow.
Audit Metadata