local-deep-research-guide

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides installation instructions for the 'local-deep-research' package using standard tools like pip and git. The repository referenced (LearningCircuit/local-deep-research) appears to be a legitimate open-source project for academic research.
  • [SAFE]: Credential management instructions follow industry best practices, guiding the user to export API keys as environment variables rather than hardcoding them within configuration files or scripts.
  • [SAFE]: The tool possesses an indirect prompt injection surface due to its core functionality of ingesting untrusted data from over 10 academic and web sources. This risk is inherent to the primary purpose of a deep-research agent and is mitigated by the tool's transparency and support for private, local LLM backends.
    • Ingestion points: Results from Google Scholar, OpenAlex, arXiv, PubMed, Wikipedia, and various web search engines.
    • Boundary markers: Not explicitly detailed in the instructional guide.
    • Capability inventory: Performs network-based searching across multiple APIs and web scraping; writes research reports to the local file system in Markdown and HTML formats.
    • Sanitization: Not specified in the guide, which is standard for research synthesizers where the LLM is expected to interpret the content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 07:13 AM