deepwiki
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill references a local JavaScript file located at
./scripts/deepwiki.jsfor all command executions. However, this file was not provided for analysis. The security profile of the script's internal logic remains unverified. - [EXTERNAL_DOWNLOADS]: The skill is configured to interact with a remote API at
https://mcp.deepwiki.com/mcp. This behavior is documented and consistent with the skill's purpose of fetching external documentation. - [PROMPT_INJECTION]: The skill provides an interface for the agent to ingest untrusted data via user-provided questions and repository paths.
- Ingestion points: Arguments passed to the
node ./scripts/deepwiki.jscommand (specifically<owner/repo>,"your question", and<path>). - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided CLI examples.
- Capability inventory: The skill executes local commands using Node.js and performs network requests to the DeepWiki API.
- Sanitization: There is no evidence of input sanitization or validation within the markdown documentation.
Audit Metadata