context7
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands using
curl. Variables likeLIBRARY_NAMEandTOPICare interpolated directly into the command string, which could lead to command injection if the agent does not properly escape user-provided inputs. - [DATA_EXFILTRATION] (LOW): The skill makes network requests to
context7.com. While this is the intended purpose of the skill, it involves sending and receiving data from an external domain that is not part of the standard whitelist. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted documentation content from an external source. If the retrieved documentation contains malicious instructions, the agent might follow them.
- Ingestion points: API responses from
context7.comcontaining documentation snippets. - Boundary markers: Absent; there are no instructions to the agent to treat the fetched data as untrusted or to wrap it in specific delimiters.
- Capability inventory: The agent has the capability to execute shell commands (
curl,jq) and process external content. - Sanitization: Absent; no sanitization or validation of the external API's response content is specified in the skill.
Audit Metadata