deepwiki
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to send repository names and user-provided questions to a remote server at https://mcp.deepwiki.com/mcp. This domain is an external third-party service not associated with trusted organizations or well-known technology providers.
- [PROMPT_INJECTION]: The skill ingests content from external GitHub repositories, which constitutes a surface for indirect prompt injection.
- Ingestion points: The read_wiki_contents and ask_question tools defined in reference.md fetch and process data from remote public repositories.
- Boundary markers: There are no instructions or delimiters provided to the agent to distinguish external content from system instructions or to ignore potentially malicious embedded content.
- Capability inventory: The skill is limited to data retrieval and querying, and does not possess high-privilege capabilities such as local file system access or shell command execution.
- Sanitization: The skill description does not indicate any validation, filtering, or sanitization of the content retrieved from external sources before it is processed by the agent.
Audit Metadata