Back to skill

Security audit

Academic Deep Research Pro

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only academic research workflow that uses web research and optional sub-agents in a disclosed, purpose-aligned way.

Before installing, understand that this skill is not truly offline: it is designed to search and fetch web content, and it may delegate independent research themes to sub-agents. Review the proposed research plan carefully, set source and scope limits, and avoid approving research that would expose confidential, regulated, or sensitive internal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance allows triggering the skill by merely mentioning broad natural-language phrases like "deep research" or "exhaustive analysis," which can easily appear in ordinary conversation. This raises the risk of unintended activation, causing the agent to enter a tool-using research workflow without explicit user intent, potentially leading to unnecessary browsing, data exposure, or costly actions.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
---

## Phase 3: Research Cycles (Auto-Execute)

### Theme 1: Market Landscape — Cycle 1
Confidence
80% confidence
Finding
Auto-Execute

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.