Skills
skills/kwazema/claude-skills/kw-find-docs/Gen Agent Trust Hub

kw-find-docs

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing or running the ctx7 CLI tool via npm install -g ctx7@latest or npx ctx7@latest. This involves downloading and executing code from the npm registry.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (ctx7 library and ctx7 docs) to search for and retrieve technical documentation. Usage is restricted to three attempts per query to manage resource consumption.
  • [DATA_EXFILTRATION]: The skill supports authentication via the CONTEXT7_API_KEY environment variable and the ctx7 login command. It includes explicit instructions for the agent to avoid including sensitive data, such as credentials or proprietary source code, in search queries.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes content retrieved from external sources.
  • Ingestion points: Technical documentation and code examples retrieved via the ctx7 docs command in SKILL.md.
  • Boundary markers: Absent; there are no specific markers used to delineate external content from the agent's instructions.
  • Capability inventory: Execution of shell commands via the ctx7 CLI tool.
  • Sanitization: Absent; the skill does not specify mechanisms for filtering or sanitizing the retrieved documentation before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 11:24 AM