deep-wiki
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructions direct the agent to run a TypeScript file using the
bunruntime. The file path/home/hazeruno/.config/opencode/skills/deep-wiki/scripts/deepwiki.tsis an absolute path tied to a specific user environment. Because the script itself is missing from the skill package, it constitutes unverifiable code execution. - [EXTERNAL_DOWNLOADS] (LOW): The skill relies on network connectivity to
mcp.deepwiki.comfor its core functionality. This is an external, non-whitelisted service, posing a minor data exposure risk depending on the sensitivity of the repository names queried. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests and processes content from public GitHub repositories and user questions via an AI intermediary.
- Ingestion points: GitHub repository names/content and user-provided questions via the
deepwiki.tsscript. - Boundary markers: No specific delimiters are defined in the provided documentation to isolate untrusted data from the agent's instructions.
- Capability inventory: The skill possesses the capability to execute shell commands via
bun. - Sanitization: There is no evidence of sanitization or validation for the data retrieved from the DeepWiki API or user inputs in the provided files.
Audit Metadata