context7

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill documentation references executing a local Python script at ~/.codex/skills/context7/scripts/context7.py. Since the contents of this script are not included in the provided file, its security posture regarding file system access or network operations cannot be verified.
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves documentation from an external API to guide the agent in implementing features or debugging.
      1. Ingestion points: External documentation content is ingested via the context command.
      2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the documentation.
      3. Capability inventory: The skill has the capability to influence code generation and debugging decisions based on the fetched data.
      4. Sanitization: No sanitization or validation of the fetched documentation is mentioned.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:12 AM