deep-research

Warn

Audited by Socket on Jul 8, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s stated purpose is coherent, but it mixes untrusted web ingestion with file-writing and Bash access, and it explicitly installs/clones additional skill content from GitHub. The main concerns are transitive trust and prompt-injection exposure rather than confirmed malware or credential theft.

Confidence: 84%Severity: 72%
Audit Metadata
Analyzed At
Jul 8, 2026, 03:32 PM
Package URL
pkg:socket/skills-sh/akillness%2Foh-my-skills%2Fdeep-research%2F@3eb674a207b9e5835868adf9e2c6576e2fcf751f60d0382e5581347e798f1bc5
Security Audit — socket — deep-research