Back to skill

Security audit

Academic Deep Research

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only academic research skill whose web, memory, and parallel-session use is disclosed and aligned with deep research, though users should set clear scope and avoid sensitive inputs.

Use this skill for deliberate research tasks, preferably via /research. Before approving Phase 3, set limits on scope, number of themes, sources, and time. Avoid including confidential personal or business details unless you are comfortable with search/fetch tools processing them, and tell the agent not to use memory or parallel sessions when you need tighter privacy or containment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises broad natural-language triggers such as requests for "deep research," "exhaustive analysis," and "tell me everything about X," which are common user phrasings and can cause the skill to activate unintentionally. Because this skill drives extensive web_search, web_fetch, and sessions_spawn workflows, unintended invocation can lead to unnecessary external access, excess cost, and potentially over-broad processing of user requests that did not actually require this high-powered research behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.