context7-auto-research

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The command in the installation instructions, 'npx skills add -g BenedictKing/context7-auto-research', downloads and installs code from a GitHub account ('BenedictKing') that is not on the trusted organizations list. This is an unverifiable dependency.
  • PROMPT_INJECTION (LOW): The skill is designed to fetch external documentation via the Context7 API to be used in AI conversations, which is a known vector for Indirect Prompt Injection.
    • Ingestion points: Documentation data retrieved from the external Context7 API.
    • Boundary markers: None identified in the provided skill definition.
    • Capability inventory: Documentation retrieval and presentation to the agent context.
    • Sanitization: No sanitization or validation of the fetched documentation content is mentioned or implemented in the provided file.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:38 PM