mcp-context7-docs
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's requirements section recommends installing a CLI tool via 'curl -fsSL [URL] | sh'. This method executes a remote script from 'https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh' directly in the host shell, bypassing verification and creating a significant security risk.
- [COMMAND_EXECUTION]: The skill uses a custom CLI tool 'mh' to list, inspect, and invoke tools from the Context7 documentation service.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  1. Ingestion points: Documentation and code examples are retrieved from the external service 'https://mcp.context7.com/mcp' via the 'queryDocs' tool.
  2. Boundary markers: None are specified to delimit external content or warn the agent to ignore embedded instructions.
  3. Capability inventory: The skill uses the 'mh' CLI tool to execute operations, which could be manipulated by malicious content in the documentation.
  4. Sanitization: There is no evidence of sanitization or filtering of the content returned from the external API.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata