deep-research
Warn
Audited by Socket on Jul 8, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill’s stated purpose is coherent, but it mixes untrusted web ingestion with file-writing and Bash access, and it explicitly installs/clones additional skill content from GitHub. The main concerns are transitive trust and prompt-injection exposure rather than confirmed malware or credential theft.
Confidence: 84%Severity: 72%
Audit Metadata