docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to call the Context7 CLI (ctx7 library and ctx7 docs) to retrieve up-to-date documentation and code examples from Context7 (public third-party documentation/web content), which the agent is expected to read and use to generate code and make decisions, so untrusted third-party content could supply indirect instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running the ctx7 CLI (e.g., via "npm install -g ctx7@latest" or "npx ctx7@latest") which fetches and executes remote code from the npm registry (e.g., https://registry.npmjs.org/ctx7) and uses ctx7 docs at runtime to retrieve external documentation that would be injected into the agent's outputs, so remote content can directly control prompts/behavior.