context7
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill explicitly calls the Context7 API to fetch live documentation and code examples from public third-party repositories (see SKILL.md and the FullLookup/QueryDocs workflows and Tools/src/cli/*.ts which use Context7Client to query docs), and those untrusted documents are then used to synthesize code and drive next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill calls the Context7 API at runtime (via Context7Client.queryDocs) to fetch documentation that is injected into agent responses — meaning external content from Context7 (see https://context7.com/dashboard) can directly control the agent's output.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata