find-docs
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install an external package `ctx7` from the NPM registry using `npm install -g ctx7@latest`. This dependency is not from a previously verified source for this author.
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to run code directly from the NPM registry via `npx ctx7@latest`, which allows for the execution of remote code at runtime without version pinning.
- [COMMAND_EXECUTION]: User-provided search queries are incorporated into shell commands (e.g., `ctx7 library <name> <query>`). This creates a surface for command injection if the agent fails to properly sanitize or escape shell metacharacters in the user input.
- [DATA_EXFILTRATION]: The skill's primary function is to send user queries and library identifiers to an external service to retrieve documentation. While the instructions warn against including sensitive data, the mechanism inherently sends user-provided context to an external endpoint.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from an external documentation source (Context7). This content is then used by the agent to answer questions or provide setup instructions, creating a surface where an attacker could inject instructions into indexed documentation to influence the agent's behavior.
  - Ingestion points: Documentation and code snippets returned by `ctx7 docs` commands.
  - Boundary markers: None provided in the instructions to separate documentation content from agent instructions.
  - Capability inventory: The agent has capabilities for `file-write`, `subprocess` execution, and `network` access as part of its standard toolkit.
  - Sanitization: No explicit sanitization or validation of the retrieved documentation content is performed before the agent processes it.
Audit Metadata