deep-research

The skill’s capabilities are mostly aligned with its stated purpose: researching topics, reading local context, browsing the web, and writing reports. The main risk is scope: it combines untrusted web ingestion, local file access, browser automation, and file/script output, which is a meaningful agent security surface even if coherent for a research workflow. The diagram-script dependency and remote version check add supply-chain/trust considerations, but there is no clear credential harvesting, covert exfiltration, or fundamentally mismatched behavior in the skill text provided. Overall classification: SUSPICIOUS due to broad research-and-write permissions and indirect dependency trust, not because of confirmed malicious intent.