context7
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and code examples from the official Context7 API at
https://context7.com. This is the primary function of the skill and targets the vendor's established infrastructure. - [COMMAND_EXECUTION]: The
scripts/context7.shscript usescurlandjqfor API interaction. It properly handles user-provided inputs like library names and search topics by applying URI encoding viajqand using quoted variable interpolation, which prevents common shell injection vulnerabilities. - [DATA_EXFILTRATION]: The skill manages authentication using the
CONTEXT7_API_KEYenvironment variable. This is a standard and safe practice for providing credentials to local tools without hardcoding them in the source code.
Audit Metadata