Back to skill

Security audit

Gemini Deep Research 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Gemini Deep Research helper that sends user-provided research requests to Google's API and saves the results locally.

Install only if you are comfortable sending your research prompts and any referenced context to Google's Gemini service. Avoid using confidential documents or sensitive personal data unless your Google API terms and retention settings are acceptable, and treat the saved markdown and JSON outputs as potentially sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates access to environment variables, network egress to an external API, and local file writes, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or orchestration systems may not realize the skill can exfiltrate prompts or file-search content to Google and persist outputs locally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file-search example encourages comparing internal reports against public web news but does not clearly warn that local or private document contents may be transmitted to Gemini's external service for processing. In a research skill, users are especially likely to supply sensitive corporate documents, making this omission more dangerous because it can lead to unintended disclosure of confidential data.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The output section says results are saved to markdown and JSON files but does not warn that the JSON contains full interaction metadata, which may include sensitive prompts, source details, or other research context. Silent local persistence increases the risk of accidental exposure through shared workstations, backups, source control, or downstream tooling.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically persists both the generated report and the full JSON response to local disk without an explicit warning or opt-in. Research outputs can contain sensitive prompts, proprietary results, file-search-derived content, metadata, or API-returned details that remain on disk longer than users expect, increasing the risk of unintended disclosure on shared systems or in synced directories.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends the user's research query, and optionally a file-search store reference, to a remote third-party API without any explicit privacy notice or confirmation. In a research skill, users may include confidential business, legal, medical, or source-material content, so silent transmission materially increases the risk of accidental data disclosure to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.