context7

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://context7.com/api/v2 to search for and retrieve documentation snippets. This is the core functionality of the skill and is performed using standard Python urllib calls.
  • [INDIRECT_PROMPT_INJECTION]: The skill retrieves documentation from an external API and presents it to the agent. While this content could theoretically contain instructions meant to influence the agent (indirect prompt injection), the skill itself has no sensitive capabilities (e.g., file writing, shell execution) that could be exploited, and the risk is inherent to any documentation retrieval tool.
      • Ingestion points: API response data in scripts/context7.py.
      • Boundary markers: Absent; documentation content is printed directly to stdout for the agent to read.
      • Capability inventory: The script is limited to standard network GET requests and console output; no subprocess spawning or dynamic code execution is present.
      • Sanitization: The script performs no content filtering on the retrieved documentation snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 10:49 PM