skills/l-yifan/skills/deep-wiki/Gen Agent Trust Hub

deep-wiki

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from arbitrary public GitHub repositories.
      • Ingestion points: Untrusted data enters the agent's context through the read-wiki-contents and ask-question tools implemented in scripts/deepwiki.ts when they retrieve documentation derived from external repositories.
      • Boundary markers: The script lacks explicit boundary markers or instructions to the agent to ignore potentially malicious instructions embedded within the retrieved repository documentation.
      • Capability inventory: The skill is limited to making network requests to the vendor's API (mcp.deepwiki.com). No capabilities for local file system modification, sensitive data access, or arbitrary command execution were found in the analyzed scripts.
      • Sanitization: The client-side proxy script does not perform sanitization or filtering of the content returned by the DeepWiki service before presenting it to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 11:09 PM