skills/johnlindquist/claude/deepwiki/Gen Agent Trust Hub

deepwiki

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It fetches and processes data from external repositories and documentation sites to answer questions.
  • Ingestion points: The tools read_wiki_contents and ask_question, and the WebFetch command, ingest untrusted content from the web and GitHub.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat fetched documentation as untrusted or to ignore embedded instructions.
  • Capability inventory: The agent has the capability to perform network requests (WebFetch, gh api) and execute local commands (jq, base64).
  • Sanitization: No evidence of sanitization or filtering of the external content is present in the skill definition.
  • External Downloads (LOW): The setup instructions direct the user to add an MCP server from a remote domain (mcp.deepwiki.com). While this is central to the skill's functionality, it involves delegating tool execution to an external service not included in the pre-defined list of trusted sources.
  • Data Exposure & Exfiltration (SAFE): The skill uses gh api to read public repository data. While this involves data access, it is restricted to public GitHub information and aligns with the stated purpose of the skill. The use of base64 -d is a standard requirement for decoding GitHub API responses for file contents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:04 PM