deep-dive

SUSPICIOUS. The skill’s purpose and core capabilities are mostly aligned for deep research, and there are no suspicious installers, credentials, or exfiltration endpoints. However, it combines heavy ingestion of untrusted web content with parallel agents and an unnecessary Bash permission, creating a material indirect prompt-injection and over-permission risk for an AI agent skill.