google-deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to Google's official API at
generativelanguage.googleapis.comto conduct research. This is a well-known and trusted service for AI-assisted investigation. - [COMMAND_EXECUTION]: The provided Python snippets use standard libraries such as
pathlibandrequeststo manage local directories and save research findings. These operations are limited to the agent's working environment and are consistent with the skill's stated purpose of generating reports. - [CREDENTIALS_UNSAFE]: The documentation demonstrates how to pass API keys via headers but explicitly advises users to store these keys securely in environment variables or secure storage rather than hardcoding them in scripts. The provided code examples use placeholders (e.g.,
<API_KEY>andAIzaSy...) that do not contain actual secrets. - [DATA_EXFILTRATION]: While the skill transmits user-provided research queries to Google, this is the core function of the service. All communications use HTTPS, and no evidence of exfiltration to unauthorized third-party domains was found.
Audit Metadata