Trust Assessment
context7 received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input in `curl` commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input in `curl` commands The skill provides `curl` command examples that construct URLs using user-provided parameters such as `LIBRARY_NAME`, `TOPIC`, and `LIBRARY_ID`. If an agent directly interpolates untrusted user input into these shell commands without proper URL encoding and shell escaping, it could lead to command injection. An attacker could craft malicious input for these parameters to execute arbitrary shell commands on the host system. The agent executing these commands must ensure that all user-provided parameters (`libraryName`, `query`, `libraryId`) are thoroughly URL-encoded and shell-escaped before being interpolated into the `curl` command string. It is recommended to use a robust library or API for making HTTP requests programmatically, rather than constructing and executing shell commands directly from user input. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/69f516e5c7464cc3)
Powered by SkillShield