context7-docs-lookup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process documentation from an external third party (Context7), which could contain malicious hidden instructions.
  * Ingestion points: Data is brought into the agent context via the query-docs tool output.
  * Boundary markers: None; the skill does not specify the use of delimiters or instructions for the agent to ignore embedded prompts in the fetched documentation.
  * Capability inventory: The skill uses high-level tool calls for documentation retrieval; no direct command execution or filesystem access is present in the markdown.
  * Sanitization: None; there is no validation or filtering of the external content before it is processed by the agent.
- Data Exposure & Exfiltration (LOW): The skill's instructions require sending the user's full query to the Context7 API, which is not on the trusted domain whitelist, to improve documentation search relevance.
Audit Metadata