Deep Research Pro 1.0.2

Security checks across malware telemetry and agentic risk

Overview

The only identified issue is local report persistence, which appears purpose-aligned and not enough by itself to require Review.

Safe to install with ordinary caution: check where reports are saved, avoid using it for highly sensitive research unless you are comfortable with local files being retained, and delete generated reports when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs writing reports to a persistent filesystem path without notifying the user or requiring consent. This can create privacy and data retention risks, especially if research topics contain sensitive business, personal, or regulated information and users do not realize artifacts are being stored locally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal