deep-research

Fail

Audited by Socket on Feb 25, 2026

1 alert found:

Malware: HIGH
SKILL.md

This skill's stated purpose (RAG-grounded deep research using Google Gemini) is coherent with its capabilities: it reads a Google/Gemini API key, uploads user-specified local files to Gemini file-search, polls the Gemini deep-research agent, and writes structured local outputs.

The main security concerns are not hidden malware but the legitimate ability to exfiltrate local files to a remote service and the potential for autonomous agents to perform uploads/deletes without interactive confirmation. These behaviors are expected given the functionality, but they are high-impact: an agent or script with filesystem access plus the required API key can upload arbitrary files (unless names match exclusion rules), and non-interactive auto-confirm enables automation/exfiltration.

There are no obvious signs of obfuscation, third-party proxying of credentials, curl|bash download-execute patterns, or embedded malicious payloads in the provided manifest.

Recommend:
(1) validate the implementation to ensure API keys are never logged or sent to non-Google endpoints,
(2) restrict the agent's filesystem access when using non-interactive mode and prefer --dry-run when evaluating unknown contexts,
(3) audit the upload filter implementation to ensure sensitive files are reliably excluded, and
(4) document and (optionally) enforce a least-privilege API key scope.

Overall this is a useful but sensitive tool with medium-high operational risk when used by autonomous agents.

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 25, 2026, 05:45 AM
Package URL: pkg:socket/skills-sh/24601%2Fagent-deep-research%2Fdeep-research%2F@1b90f0df29b3053b9599ff0c9ffe1a3ababe321c