researching-with-deepwiki
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Risk Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The script scripts/verify.py accesses ~/.claude/settings.json and other configuration paths to verify the MCP server setup. While these files may contain sensitive credentials, the script only performs local key-presence checks and does not exfiltrate any data.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill configures the agent to use external third-party MCP servers at deepwiki.com and devin.ai. These are non-trusted external dependencies that handle the skill's core logic and process user queries remotely.
- Command Execution (LOW): The SKILL.md file provides instructions for users to execute claude mcp add to modify their agent's configuration. This is a standard procedure for MCP server integration.
- Indirect Prompt Injection (LOW): The skill analyzes untrusted third-party repositories, which is a known attack surface. A malicious repository could contain instructions in source code or README files designed to influence agent behavior.
Evidence Chain:
1. Ingestion points: External code content fetched via DeepWiki MCP (referenced in SKILL.md).
2. Boundary markers: Absent.
3. Capability inventory: Architecture analysis and code explanation capabilities (referenced in SKILL.md).
4. Sanitization: Absent.
Audit Metadata