Security audit

Moss Deep Search

Security checks across malware telemetry and agentic risk

Overview

This is a simple prompt-only skill for deeper web research, with no hidden code, installer, persistence, or privileged access found.

Reasonable to install if you want an agent prompt for multi-round web research. Avoid using it with sensitive queries unless you are comfortable with those queries being used for web and LLM research, and only send reports to external channels when you explicitly intend to share them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The trigger conditions combine explicit phrases with vague criteria like 'need multi-source analysis' and 'Brave search results are not deep enough,' which can cause the skill to activate on loosely related requests. In an agent setting, ambiguous activation increases the chance of unintended web research, unnecessary external queries, and processing of user data beyond what the user explicitly requested.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The workflow says results will be sent to a 'specified channel' without defining what channels are allowed, what data may be transmitted, or whether user consent is required. In a research skill that aggregates potentially sensitive user queries and sourced content, this creates a real risk of unintended data disclosure or exfiltration to external destinations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal