deepwiki-mcp-skill
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute an installation script for the `uxc` CLI tool from the author's official GitHub repository (https://raw.githubusercontent.com/holon-run/uxc/main/scripts/install.sh). This is part of the standard setup process for the vendor's tools.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage tool linking and execution. It uses `uxc link` to create a local command alias (`deepwiki-mcp-cli`) and subsequently executes this alias to perform documentation queries. It also includes a `validate.sh` script for development-time structure verification.
- [DATA_EXFILTRATION]: User queries and repository identifiers are sent to the external endpoint `mcp.deepwiki.com/mcp`. This network communication is the primary function of the skill to retrieve AI-powered answers from the DeepWiki documentation index.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external GitHub wikis and repositories. If these documentation sources contain malicious instructions, they could potentially influence the agent's behavior.
  - Ingestion points: Content retrieved via `read_wiki_contents` and `ask_question` tools (SKILL.md).
  - Boundary markers: None explicitly defined in the tool prompts to separate external data from instructions.
  - Capability inventory: The agent has the capability to execute shell commands via the `deepwiki-mcp-cli` tool.
  - Sanitization: No explicit sanitization or filtering of the documentation content is performed within the skill definition.
Audit Metadata