Deep Research

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only deep research workflow that is explicit about its three phases: planning, user approval, and delegated research execution.

Before installing, confirm that the companion deep-research-executor skill or tool is trusted, since the skill's actual behavior depends on it. Avoid including confidential business data, private documents, credentials, or personal information in research plans unless you are comfortable passing that context to a spawned research agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium, 88% confidence

Finding
The skill explicitly instructs spawning a new sub-agent session, which expands capability from planning into delegated execution. Agent spawning is security-relevant because it can bypass tighter control in the main session, increase autonomy, and make it easier to perform broader actions than the user may have clearly approved.

Intent-Code Divergence

Medium, 93% confidence

Finding
Although the document repeatedly says Phase 2 requires explicit user approval, the execution section directly tells the agent to launch the sub-agent and does not operationally enforce that gate. In practice, this mismatch can cause an implementation to proceed into autonomous research execution without a clear approval checkpoint, undermining user intent and authorization boundaries.
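Both findings above come down to the same gap: a gate that exists in prose but not in code. The following is an added illustration, not code from the Deep Research skill or its executor, of what operationally enforcing that gate looks like. It assumes a hypothetical plan-then-delegate workflow in which a main session holds a tool allowlist, the user approves a concrete plan, and only then may a sub-agent be spawned. The approval is bound to a content digest of the plan, so editing the plan after approval (scope creep) invalidates it, and the sub-agent's tools must be a subset of the parent's, so spawning cannot widen capability. The function and field names (`Session`, `spawn_enforced`, `gate_outcome`, `allowed_tools`) and the sample plans are constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass, field


class ApprovalRequired(Exception):
    """Phase 2 was requested without an approval for this exact plan."""


class CapabilityViolation(Exception):
    """The plan asks the sub-agent for tools the parent session does not hold."""


def plan_digest(plan: dict) -> str:
    """Content hash of a research plan, canonicalised so key order is irrelevant.

    Binding the approval to a digest means editing the plan after the user
    approved it (adding a query, adding a tool) invalidates the approval.
    """
    canonical = json.dumps(plan, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class Session:
    # Tools the main (planning) session is itself allowed to use (assumed field).
    allowed_tools: frozenset
    # digest -> approver; populated only by an explicit user action.
    approvals: dict = field(default_factory=dict)

    def record_approval(self, plan: dict, approver: str) -> str:
        digest = plan_digest(plan)
        self.approvals[digest] = approver
        return digest


def spawn_unenforced(session: Session, plan: dict) -> dict:
    """Shape of the flagged behaviour: the surrounding text says Phase 2 needs
    approval, but this code path launches the sub-agent regardless and hands
    it whatever tools the plan lists."""
    return {"tools": frozenset(plan["tools"]), "queries": list(plan["queries"])}


def spawn_enforced(session: Session, plan: dict) -> dict:
    """Gate enforced in code: no approval, no sub-agent; and the sub-agent's
    tool set must be a subset of the parent's (least privilege)."""
    digest = plan_digest(plan)
    if digest not in session.approvals:
        raise ApprovalRequired(f"no user approval recorded for plan {digest[:12]}")
    requested = frozenset(plan["tools"])
    extra = requested - session.allowed_tools
    if extra:
        raise CapabilityViolation(f"sub-agent would gain tools parent lacks: {sorted(extra)}")
    return {
        "tools": requested,
        "queries": list(plan["queries"]),
        "approved_by": session.approvals[digest],
        "plan_digest": digest,
    }


def gate_outcome(session: Session, plan: dict) -> str:
    """Report which branch the enforced gate took for a given plan."""
    try:
        spawn_enforced(session, plan)
    except ApprovalRequired:
        return "approval_required"
    except CapabilityViolation:
        return "capability_violation"
    return "spawned"


if __name__ == "__main__":
    # Constructed sample: the parent session may only search and fetch.
    session = Session(allowed_tools=frozenset({"web_search", "fetch_url"}))
    plan = {"phase": 2, "tools": ["web_search"], "queries": ["zero-day disclosure timelines 2024"]}

    print("before approval:", gate_outcome(session, plan))  # approval_required
    session.record_approval(plan, approver="user@example")
    print("after approval:", gate_outcome(session, plan))  # spawned

    # Scope creep after approval: one extra query changes the digest.
    widened = dict(plan, queries=plan["queries"] + ["internal pricing sheet"])
    print("edited after approval:", gate_outcome(session, widened))  # approval_required

    # An approved plan that asks for a tool the parent never had.
    escalating = dict(plan, tools=["web_search", "shell"])
    session.record_approval(escalating, approver="user@example")
    print("approved but over-privileged:", gate_outcome(session, escalating))  # capability_violation
    print("unenforced path still spawns with:", sorted(spawn_unenforced(session, escalating)["tools"]))
```

The point of `gate_outcome` versus `spawn_unenforced` is the difference the finding describes: in the unenforced path the approval sentence in the skill text has no effect on what runs, whereas in the enforced path the approval is a precondition checked against the exact plan, and an approved plan still cannot grant the sub-agent more than the parent session holds.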

VirusTotal

66/66 vendors flagged this skill as clean.
