Deep Research Agent

This skill looks like a genuine deep-research tool but has discrepancies and risky behaviors you should address before installing or running it: - Manifest mismatch: The registry metadata says no environment variables are required, but the SKILL.md and code require TAVILY_API_KEY and an LLM API key. Do not supply secrets until the author/registry metadata is corrected or you review the origin. - File writes: The instructions/code expect to write files (e.g., /research_request.md, /final_report.md). Confirm where files will be written (root vs current directory) and run in an isolated container or VM to avoid accidental overwrite of host files. - Arbitrary URL fetching: The agent fetches full page content using httpx for URLs returned by Tavily. That can potentially access internal network endpoints if a search result points there (SSRF-like risk). Prefer running the agent in a network-restricted environment and inspect fetched URLs if possible. - Dependency & install: The skill ships code and a requirements.txt but no formal install spec in the registry. If you install dependencies, do so in a virtualenv/container and inspect the packages (deepagents, tavily-python, langchain-anthropic, markdownify) yourself. - Trust & provenance: There is no homepage and the owner is an opaque ID. If you need to use this skill, ask the publisher for source provenance, or only run it in a sandbox. If you plan to proceed: run it in an isolated environment, avoid using high-privilege or production API keys (create scoped/test keys), and review the Tavily search results and any files the agent writes before trusting outputs.