ctx7-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content — ctx7 docs retrieves library documentation from the Context7/public docs index (references/docs.md), ctx7 skills install pulls skills from arbitrary GitHub repositories (/owner/repo) (references/skills.md), and ctx7 setup writes a rule directing the agent to use Context7 for documentation — all of which the agent is expected to read and can materially influence its tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The ctx7 CLI installs skills from GitHub-style repositories at runtime (e.g., /anthropics/skills), and those fetched Markdown "skills" are explicitly described as files that teach AI agents—meaning remote content would directly control agent prompts/instructions.