deepwiki
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to configure an external Model Context Protocol (MCP) server located at https://mcp.devin.ai/mcp. This is the official endpoint for Devin's documentation service (Cognition AI), a well-known technology provider for AI agent tooling.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external repositories and user questions.
- Ingestion points: Data retrieved from GitHub repositories (architecture documentation, design decisions, code intent) via the DeepWiki indexing service, as well as natural language questions passed to the
mcp__devin__ask_questiontool. - Boundary markers: The skill does not define specific boundary markers or escaping mechanisms to isolate the untrusted repository content or the user's question from the tool's execution context.
- Capability inventory: The skill utilizes file system tools (
Glob,Grep,Read) and interacts with an external AI documentation service via MCP. - Sanitization: There is no evidence of input validation, filtering, or sanitization of the content fetched from remote repositories before it is processed by the AI.
Audit Metadata