deep-wiki

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is designed to ingest and process untrusted data from arbitrary GitHub repositories via the 'DeepWiki' service. This is a classic Indirect Prompt Injection surface (Category 8). Malicious instructions embedded in a repository's README, code comments, or documentation could influence the agent's understanding or subsequent actions. No boundary markers or sanitization procedures are defined in the instructions.
  • [COMMAND_EXECUTION] (HIGH): The skill executes a local TypeScript script (deepwiki.ts) using the bun runtime. It passes user-provided or external inputs like --repo-name and --question directly as command-line arguments. This presents a risk of command injection if the script does not rigorously sanitize these arguments before execution.
  • [METADATA_POISONING] (MEDIUM): All script references use a hardcoded absolute path (/home/hazeruno/.config/opencode/skills/deep-wiki/...). This is highly irregular for a portable skill and suggests it may be targeted at a specific user environment or lacks proper configuration management.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on an external package mcporter and an external service DeepWiki. While no direct download URL is provided in the markdown, these are required external dependencies for the skill to function.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:39 AM