Back to skill

Security audit

Deep Research Strategy

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only deep-research coordinator that delegates research tasks and preserves returned reports/logs, with no code, persistence, credential use, or hidden execution shown.

Install this for research tasks where multi-agent, multi-source investigation is expected. Avoid using it with confidential topics, private documents, credentials, or sensitive business data unless you are comfortable with research queries and all returned reports/logs being passed through the available search agents and included with the final result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly requires forwarding all research reports and logs, with no filtering or minimization, and also mandates reading every returned document. In a deep-research context, subordinate outputs and logs can contain sensitive user data, internal notes, retrieved secrets, access tokens, URLs with credentials, or copyrighted/private material, so mandatory wholesale handoff creates a real risk of data exfiltration and over-disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.