skills/petekp/claude-code-setup/deepwiki/Snyk

deepwiki

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and read documentation from public third-party sites (e.g., WebFetch https://deepwiki.com/owner/repo and MCP tools like mcp__deepwiki__read_wiki_contents, as well as fallback GitHub API calls to read READMEs) so untrusted user-generated or web-hosted content would be ingested and could influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). This skill calls DeepWiki endpoints at runtime (e.g., https://deepwiki.com/{owner}/{repo} and the MCP endpoints https://mcp.deepwiki.com/mcp and https://mcp.deepwiki.com/sse) to fetch documentation that is injected into the agent's context and used to drive responses, so remote content can directly influence prompts.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 20, 2026, 04:45 AM