deepwiki
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill communicates with an external endpoint, https://mcp.deepwiki.com/mcp. While this is required for the skill's primary function, the domain is not on the trusted whitelist, and user-provided repository names and questions are transmitted to this third-party service.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from public GitHub documentation.
  1. Ingestion points: The `ask`, `structure`, and `contents` commands in `scripts/deepwiki.js` return data from external sources.
  2. Boundary markers: Absent; there are no instructions to the agent to treat the retrieved content as data rather than instructions.
  3. Capability inventory: The skill can execute local Node.js scripts.
  4. Sanitization: Not documented in the provided skill definition.
- [Command Execution] (SAFE): The skill executes a local script `./scripts/deepwiki.js` using Node.js, which is standard behavior for an AI agent skill and does not appear to involve arbitrary command injection in the provided markdown.
Audit Metadata