deep-research

No direct malicious code or obvious exfiltration/backdoor behavior found in this artifact. The primary security concern is architectural: the skill implements an automated cross-skill handoff and spawns parallel Tasks, which expands the trusted computing base. If the runtime and the plugin-improve/Task components are properly sandboxed and conversation/context is sanitized before handoff, the risk is low. Recommended mitigations: (1) enforce and audit runtime invariants (read-only enforcement), (2) sanitize/filter conversation history and context before passing to plugin-improve, (3) restrict plugin-improve and Task tool privileges to the minimum necessary, and (4) log and require explicit interactive confirmation for the handoff event to prevent spoofing. Otherwise, the artifact can be considered benign but with moderate operational risk.