Long Research

The 'long-research' skill is designed for deep web research, utilizing powerful tools like `web_search`, `web_fetch`, and `browser-use` (which allows browser control, JavaScript execution, and local file system access for profiles/output). While the skill's documentation (SKILL.md) is exceptionally transparent about potential privacy implications (e.g., `browser-use.com` cloud mode, full skill text sent to model providers) and includes extensive self-auditing and control mechanisms for the agent, the inherent capabilities, particularly the `browser-use eval` command for arbitrary JavaScript execution within a browser context, represent a significant vulnerability risk. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, persistence mechanisms, or unauthorized remote control. However, the broad permissions and powerful execution capabilities, even if intended for legitimate research, elevate it beyond 'benign' due to the potential for misuse or exploitation if the agent were compromised or given a malicious research target.