Academic Deep Research 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This research skill is not malware, but it needs review because it claims offline/no-cloud use while directing web research, memory lookup, and automated multi-step execution.

Install only if you are comfortable with approved research topics being sent through web search/fetch tools and with prior memory being consulted. Prefer explicit /research use, review the plan carefully before approving Phase 3, and avoid confidential, regulated, or proprietary topics unless web and memory use are constrained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README explicitly advertises broad natural-language invocation phrases such as "deep research on..." and "exhaustive analysis of...", which can cause the skill to trigger when a user is merely describing a task rather than intentionally invoking this specific skill. In an agent ecosystem with automatic routing, this increases the chance of unintended execution, potentially launching a heavyweight research workflow, web access, and multi-step tool usage without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples are broad enough to match common user requests such as "tell me everything about X" or requests for analysis, which can cause the skill to activate outside narrowly intended contexts. Over-broad activation is dangerous because it can unexpectedly route ordinary conversations into a highly tool-using workflow, increasing the chance of unnecessary web access, excess autonomy, and user-surprising behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation conditions describe general situations rather than precise trigger constraints, so the skill may be invoked for many normal research or explanation requests. In this skill's context, that matters because activation leads to extensive tool use, parallel sessions, and long multi-phase behavior, amplifying the consequences of accidental invocation and reducing user control.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation guidance includes the broad natural-language trigger "deep research," which can be matched by ordinary user phrasing rather than an explicit opt-in command. That creates a prompt-routing risk where the skill may activate unintentionally, causing the agent to enter a more autonomous research workflow than the user intended and potentially perform unnecessary tool use or bypass normal interaction expectations.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
---

## Phase 3: Research Cycles (Auto-Execute)

### Theme 1: Market Landscape — Cycle 1
Confidence
91% confidence
Finding
Auto-Execute

VirusTotal

66/66 vendors flagged this skill as clean.
