deep-wiki
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to fetch and process 'AI-generated insights' from an external third-party service (DeepWiki) based on arbitrary GitHub repositories.
- Ingestion points: Untrusted content from external repositories enters the agent's context through the
read-wiki-contentsandask-questioncommands. - Boundary markers: The skill instructions do not define any delimiters or warnings to the agent to disregard instructions potentially embedded in the fetched documentation.
- Capability inventory: The skill has the ability to execute subprocesses via the
bunruntime. - Sanitization: There is no indication that the external API responses are sanitized or validated against a strict schema before being presented to the agent.
- [Command Execution] (LOW): The skill executes a TypeScript script using
bunat a hardcoded absolute path (/home/hazeruno/.config/opencode/skills/deep-wiki/scripts/deepwiki.ts). This is a security and portability risk as it targets a specific user's home directory and could lead to execution errors or unauthorized access in shared environments. - [Unverifiable Dependencies] (LOW): The skill documentation mentions a requirement for an 'embedded' package named
mcporter. This is not a standard or widely recognized package from the main npm registry, making it difficult to verify its safety without the script source code.
Audit Metadata