ctx7-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches library documentation from the Context7 registry and installs agent skills from GitHub repositories as described in SKILL.md and references/skills.md.
- [COMMAND_EXECUTION]: Executes the ctx7 CLI tool via npx or global installation to manage skills and configure agent environments.
- [REMOTE_CODE_EXECUTION]: Recommends running the ctx7 tool via npx, which executes code from the npm registry.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Scans local project configuration files (e.g., package.json, requirements.txt, pyproject.toml) to suggest relevant skills based on project dependencies as seen in references/skills.md.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Fetches external library documentation and agent skills from remote repositories in SKILL.md and references/docs.md.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are mentioned for the fetched content.
- Capability inventory: Modifies agent configuration files (.mcp.json, .cursor/mcp.json) and writes skill files to agent directories (.claude/skills/, .cursor/skills/) as documented in references/setup.md.
- Sanitization: No sanitization or validation of the fetched Markdown instructions is performed before they are integrated into the agent's skill directory.
Audit Metadata