run-research
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File
The skill's stated purpose (researching a topic across multiple public sources and delivering findings) is coherent with its design to fetch data from Reddit, X, YouTube, and the web. However, there are significant security concerns: it prescribes downloading and executing external installers from unverified endpoints, it handles secrets, and it may forward credentials to third-party tools. These patterns create supply-chain, credential, and data-flow risks that are disproportionate to a benign research helper. The footprint would be acceptable only if installations are strictly from verified official registries or pre-approved, signed binaries, and secrets handling is minimized with explicit user consent and sandboxing. Until such controls are in place, classify as SUSPICIOUS to HIGH RISK due to download-execute patterns, credential exposure potential, and third-party tool installation.