context7

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md and the Workflows/ directory direct the agent to execute shell commands using bun to run TypeScript CLI tools (e.g., bun src/cli/lookup.ts <library> "<query>"). This pattern interpolates user-provided input directly into a shell command, which may lead to command injection if the agent does not properly escape the arguments.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by fetching documentation snippets and code examples from the Context7 API, which aggregates content from external third-party repositories. Maliciously crafted documentation in an indexed repository could potentially influence the agent's behavior when this content is ingested into its context.
      • Ingestion points: Tools/src/cli/lookup.ts and Tools/src/cli/query.ts fetch data from the context7.com API.
      • Boundary markers: No explicit delimiters or instructions are used in the CLI output to help the agent distinguish the external documentation content from its own system instructions.
      • Capability inventory: The agent can execute subprocesses via bun, perform network operations through the provided tools, and has general file access capabilities.
      • Sanitization: The CLI tools do not perform sanitization or filtering of the retrieved documentation content before outputting it to the agent.
  • [EXTERNAL_DOWNLOADS]: The CLI tools are configured to make network requests to context7.com to resolve library identifiers and retrieve documentation data. This is the intended primary function of the skill.
  • [CREDENTIALS_UNSAFE]: The documentation provides instructions for users to manage an API key (CONTEXT7_API_KEY) using environment variables. While this is a standard practice for CLI tools, it involves handling sensitive secrets in the execution environment.
  • [NO_CODE]: The core implementation file for the API client (Tools/src/lib/context7.ts) is missing from the provided source files, though it is imported by the CLI wrappers. This limits the ability to audit the underlying network and data handling logic.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 13, 2026, 01:13 PM