context7-docs-fetcher
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from an external documentation service.
- Ingestion points: Untrusted documentation content enters the agent context through the
get-library-docstool defined inreferences/agents/context7-docs-fetcher.md. - Boundary markers: Absent. There are no instructions to use delimiters or specific warnings to ignore embedded instructions within the fetched documentation.
- Capability inventory: The agent has access to the
mcp__ide__executeCodetool, which allows it to run code locally. - Sanitization: Absent. There is no evidence of filtering or validation of the fetched documentation before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill configuration in
references/agents/context7-docs-fetcher.mdexplicitly enables themcp__ide__executeCodetool, granting the agent the capability to execute arbitrary code in the user's environment.
Audit Metadata