find-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires calling the Context7 CLI (e.g., ctx7 library and ctx7 docs /org/project <query>) to retrieve public third‑party documentation and code examples, which the agent is expected to read and use to make decisions, exposing it to untrusted external content that could contain malicious instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running the Context7 CLI fetched from the npm registry at runtime (e.g., "npx ctx7@latest" / "npm install -g ctx7@latest"), which downloads and executes remote package code and returns documentation that is then injected into the agent's context, so it directly controls prompts and executes remote code.