deepwiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly says it fetches and interprets documentation and wikis for public GitHub repositories via the DeepWiki MCP server (https://mcp.deepwiki.com/mcp) as part of its Ask/structure/contents commands, meaning it consumes untrusted user-generated web content that could contain instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the external MCP server at https://mcp.deepwiki.com/mcp at runtime to fetch repository wiki content that is injected into the agent's context and directly controls the model's responses, making it a required external dependency.