Auto Research

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious primarily due to the dynamic generation and execution of a Python script (`research-ingest.py`) from a heredoc within `vectorize.sh`. While the generated script's current content is benign and serves the stated purpose of vectorizing research data to Qdrant via OpenAI embeddings, this pattern represents a significant vulnerability; if `vectorize.sh` were compromised, an attacker could inject arbitrary code into the generated Python script, leading to remote code execution. Additionally, `research.sh` includes a hardcoded default Brave API key, which is a weak security practice, and the `research-ingest.py` script sends research content to OpenAI for embeddings, which, while intended, involves data leaving the local system.