deep-research

SUSPICIOUS: the core purpose matches the capability, and the prompt goes to Google’s official Gemini service, but the skill relies on a locally run automation script plus an MQTT-controlled browser proxy extension whose provenance is not established in the evidence. Risk is moderate rather than malicious: acceptable purpose alignment, but unresolved install-trust and prompt-injection exposure keep it from benign.