Deep Research

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only deep research skill that delegates searches and hands back research artifacts, with no code, persistence, credentials, or hidden install behavior.

Install this for ordinary multi-source research tasks, not for sensitive or private document review. It is designed to fan out work to multiple search agents and preserve research artifacts, including logs, so do not provide secrets, regulated data, or confidential attachments unless that full handoff behavior is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

High

Confidence: 99% confidence
Finding: The skill repeatedly instructs the agent to read, preserve, and hand over every report, log, and user-uploaded attachment without filtering or minimization. That creates a direct natural-language exfiltration path for sensitive data, internal chain-of-thought-like logs, secrets in attachments, or irrelevant personal information to be propagated to higher-level agents or users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal