Deep Research Suite

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only research workflow that searches public sources and saves local reports, with no hidden code or credential behavior found.

Install this if you want an agent to perform multi-source public research and write reports under memory/research/. Avoid using it for confidential topics unless that local retention is acceptable, and review generated sources because synthesized research can still be inaccurate or outdated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (91% confidence)
Finding
The skill’s description and examples are broad enough that it could trigger on ordinary research or summarization requests without a clearly bounded invocation contract. In an agent environment, this increases the chance of unintended activation of a multi-step workflow that performs external searches and writes output files, which can expand data exposure and side effects beyond what the user explicitly requested.

Missing User Warnings

Low (95% confidence)
Finding
The skill repeatedly states that reports are saved to files under memory/research/, but it does not clearly warn the user that file-writing will occur or obtain consent before persisting content. This can lead to unintended storage of sensitive queries, synthesized content, or externally derived data, especially in shared or persistent agent environments.

VirusTotal

66/66 vendors flagged this skill as clean.
