Academic Deep Research

Security checks across malware telemetry and agentic risk

Overview

This is a text-only deep research workflow that discloses its web and memory use, but users should note its inaccurate offline claim and its broad activation wording.

Install this only if you want a web-based research workflow. Before approving Phase 3, review the research themes, search terms, use of sub-agents, and whether saved memory should be consulted. Do not rely on the offline claim: real research execution depends on `web_search` and `web_fetch`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The README makes a materially misleading claim that the skill works 'Offline ✅ Yes' while the documented execution path depends on `web_search` and `web_fetch`. This can cause users or downstream agents to trust the skill in restricted or air-gapped environments, leading to failed execution, policy bypass attempts, or incorrect assumptions about data exposure and network use.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger guidance includes very broad phrases such as requests for 'exhaustive analysis' or 'Tell me everything about X,' which can match ordinary user prompts that are not explicitly asking to invoke this skill. This creates an over-broad activation surface, increasing the chance of unintended invocation, unnecessary tool use, and execution of a heavyweight research workflow without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The invocation guidance allows activation by merely mentioning broad natural-language phrases like "deep research" or "exhaustive analysis," which can overlap with normal user conversation. This creates an unintended invocation risk where the skill may trigger during unrelated discussion, causing unplanned autonomous tool use and research actions without clear user intent.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content (excerpt from the skill):
---

## Phase 3: Research Cycles (Auto-Execute)

### Theme 1: Market Landscape — Cycle 1
Confidence: 87%
Finding:
Auto-Execute
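The three finding types above (an offline claim contradicted by network tool use, trigger phrases broad enough to fire on ordinary prompts, and phases marked Auto-Execute that spend tools, sub-agents and memory without a human gate) can all be checked mechanically before a skill is approved. The script below is an added example written for this page, not SkillSpector's or the skill's own code. The manifest text it scans is constructed to mirror the findings, the `BENIGN_PROMPTS` list is a made-up sample of everyday requests, treating a bare `X` in a trigger phrase as a wildcard is this example's assumption, and `web_search` and `web_fetch` are the tool names the first finding cites.

```python
import re

# Constructed sample manifest (not the real skill): an offline claim, a
# "when to use" section with broad trigger phrases, and an auto-execute phase.
SAMPLE_SKILL = """\
# Academic Deep Research

| Offline | ✅ Yes |

## When to use
Trigger on "deep research", "exhaustive analysis", "Tell me everything about X".

## Phase 2: Plan (requires approval)
Use web_search to gather sources, then web_fetch each one.

## Phase 3: Research Cycles (Auto-Execute)
### Theme 1: Market Landscape — Cycle 1
Run web_search per theme; spawn sub-agents; consult saved memory.
"""

# Tool names cited in the first finding; extend for other harnesses (assumption).
NETWORK_TOOLS = ("web_search", "web_fetch")

# Constructed ordinary prompts that never ask for this skill.
BENIGN_PROMPTS = [
    "Tell me everything about the Rust borrow checker",
    "Give me an exhaustive analysis of this stack trace",
    "What does deep research mean in a PhD program?",
    "Summarize this paragraph in one sentence",
    "Fix the typo in line 3",
]


def offline_claim(text):
    """True if the manifest claims it works offline (e.g. '| Offline | ✅ Yes |')."""
    return re.search(r"offline\W+yes\b", text, re.I) is not None


def tools_used(text):
    """Network tools referenced anywhere in the text, sorted."""
    return sorted(t for t in NETWORK_TOOLS if re.search(rf"\b{t}\b", text))


def description_behavior_mismatch(text):
    """Finding 1: network tools that contradict an offline claim ([] if consistent)."""
    tools = tools_used(text)
    return tools if offline_claim(text) and tools else []


def trigger_phrases(text):
    """Quoted phrases in the 'When to use' section, in original case."""
    m = re.search(r"^## When to use\n(.*?)(?=^## |\Z)", text, re.M | re.S)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []


def trigger_hits(phrases, prompts):
    """Findings 2 and 3: benign prompts the trigger phrases would fire on.
    A bare 'X' in a phrase is treated as a wildcard (assumption)."""
    pats = [re.compile(re.sub(r"\bX\b", ".+", re.escape(p)), re.I) for p in phrases]
    return [pr for pr in prompts if any(pat.search(pr) for pat in pats)]


def phase_sections(text):
    """(heading, body) pairs for every '## Phase N: ...' heading."""
    parts = re.split(r"^(## Phase [^\n]+)$", text, flags=re.M)
    return list(zip(parts[1::2], parts[2::2]))


def unattended_tool_use(text):
    """Finding 4: for each Auto-Execute phase, what it does with no human gate:
    network tools, sub-agent spawning and saved-memory use."""
    out = {}
    for heading, body in phase_sections(text):
        if "(Auto-Execute)" in heading:
            risky = tools_used(body) + [k for k in ("sub-agent", "memory") if k in body.lower()]
            out[heading.lstrip("# ").strip()] = risky
    return out


def review(text, prompts=BENIGN_PROMPTS):
    """Run all three checks; an installer should block on any non-empty entry."""
    return {
        "offline_mismatch": description_behavior_mismatch(text),
        "benign_prompts_triggered": trigger_hits(trigger_phrases(text), prompts),
        "unattended_phases": unattended_tool_use(text),
    }


if __name__ == "__main__":
    for name, result in review(SAMPLE_SKILL).items():
        print(f"{name}: {result}")
```

On the constructed manifest the report lists `web_fetch` and `web_search` against the offline claim, shows three of the five everyday prompts firing the trigger, and names `web_search`, sub-agent spawning and saved-memory access as the things Phase 3 does unattended, which is exactly the list the overview asks a user to review before approving that phase.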

VirusTotal

All 65/65 vendors rated this skill clean. This is a file-level malware scan: it does not assess the trigger, offline-claim or excessive-agency findings above, which live in the skill's instructions rather than in any binary.
