deep-wiki
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to `https://mcp.deepwiki.com/sse`. This external endpoint is used to proxy tool calls for fetching documentation and asking questions about repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests data from a remote AI service (`mcp.deepwiki.com`) and presents it to the agent without boundary markers or sanitization. Malicious instructions embedded in the AI-generated documentation could potentially influence the agent's behavior.
  - Ingestion points: Data enters the agent context via the output of `read-wiki-contents` and `ask-question` tools.
  - Boundary markers: None detected. The script directly prints results from the remote server.
  - Capability inventory: The script performs network requests via the `mcporter` runtime but does not appear to have direct file-write or local command execution capabilities beyond the CLI invocation itself.
  - Sanitization: No sanitization or validation of the remote content is performed before it is output to the user/agent.
- [COMMAND_EXECUTION]: The skill requires the use of the `bun` runtime to execute the `deepwiki.ts` script. The documentation provides example commands that use absolute local file paths (`C:\Users\lyf1143312445\...`), which indicates the skill may be configured for a specific local environment.
Audit Metadata