deep-research
Audited by Socket on Mar 3, 2026
1 alert found:
Security
This skill's stated purpose (systematic deep research saved to disk) matches its capabilities, but it carries moderate supply-chain and data-exposure risks. The primary concerns are: (1) transitive skill loading (openalex-paper-search), which creates a supply-chain/trust escalation vector, (2) broad local filesystem access and aggressive persistence of untrusted scraped content to disk without sanitization, and (3) high risk of indirect prompt injection, because the agent consumes arbitrary external natural-language content and uses it to drive actions and produce outputs. There is no direct evidence of malware, credential-harvesting endpoints, or download-and-execute chains in the provided text, but the combination of capabilities is powerful and should be constrained: require explicit user authorization before accessing non-research files, sandbox or sanitize persisted content, vet and pin transitive skills or avoid automatic skill installation, and add explicit defenses against prompt injection when processing scraped pages.