context7-docs
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests documentation snippets from an external API (Context7) into the agent context. This creates an indirect prompt injection surface as content from third-party libraries or their documentation could contain instructions designed to influence the LLM. No specific boundary markers or sanitization steps are defined in the workflow instructions to mitigate this potential risk.
- [DATA_EXFILTRATION]: User queries are sent to the external context7.com API to facilitate the documentation search. The skill author has included explicit constraints warning users not to include sensitive data such as API keys, passwords, or proprietary code within these queries, which aligns with security best practices for external API integration.
Audit Metadata