deepwiki-mcp-skill

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The deepwiki.com site itself appears benign, but the skill instructs users to download and run a shell installer hosted at raw.githubusercontent.com (a direct .sh installer from a third‑party repo), which is a high‑risk pattern unless you manually inspect and trust the repository and author.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads documentation for arbitrary GitHub repositories via the DeepWiki MCP endpoint (mcp.deepwiki.com/mcp) as documented in SKILL.md and references/usage-patterns.md, meaning it ingests untrusted, user-generated public content (repo docs/wiki) that the agent is expected to interpret and that can materially influence follow-up actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires runtime network access to mcp.deepwiki.com/mcp (used via deepwiki-mcp-cli / uxc) and the responses from that endpoint are injected into the agent's output/context to answer questions, meaning remote content directly controls the model's returned content and is a required dependency.