context7-cli
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `ctx7` package globally via `npm install -g ctx7@latest` and facilitates the installation of coding skills from arbitrary GitHub repositories using `ctx7 skills install /owner/repo`.
- [COMMAND_EXECUTION]: The skill's functionality is built around executing shell commands (`ctx7`). It performs system-level tasks such as writing configuration files to agent directories (e.g., `~/.claude/skills`, `.mcp.json`) and configuring MCP servers during the `ctx7 setup` process.
- [DATA_EXFILTRATION]: The `ctx7 skills suggest` command reads local project files including `package.json`, `requirements.txt`, `pyproject.toml`, `Cargo.toml`, `go.mod`, and `Gemfile` to identify dependencies and suggest relevant skills from the registry.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted external data.
  - Ingestion points: Data enters the agent context through `ctx7 docs` and `ctx7 library` (references/docs.md), and `ctx7 skills install` (references/skills.md).
  - Boundary markers: Absent. The documentation does not specify the use of delimiters or instructions to ignore embedded commands in the fetched content.
  - Capability inventory: The CLI has the capability to execute shell commands, write files to the filesystem, and modify agent configurations (references/setup.md).
  - Sanitization: Absent. While the documentation advises users against including sensitive data in queries, there is no evidence of automated sanitization or validation of the content returned from external sources.
Audit Metadata