Trust Assessment
deep-research received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 2 critical, 1 high, 4 medium, and 0 low severity. Key findings include arbitrary command execution, unsafe deserialization / dynamic eval, and arbitrary file write via the `--output` argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Remote code download piped to interpreter | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/24601/agent-deep-research/scripts/onboard.py:142 |
| CRITICAL | Arbitrary command execution | Remote code download piped to interpreter | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/24601/agent-deep-research/scripts/onboard.py:362 |
| HIGH | Arbitrary file write via `--output` argument | The `scripts/research.py` script allows an AI agent to specify an arbitrary file path for the `--output` argument when saving a research report. The script uses `pathlib.Path(output_file).write_text()` without sanitizing the path, which means an attacker could use path traversal sequences (e.g., `../../sensitive.txt`) or absolute paths (e.g., `/etc/passwd`) to write the report content to unintended locations on the filesystem. This could lead to data exfiltration, overwriting critical system files, or denial of service. | Implement strict path sanitization for the `--output` argument. Ensure the path is relative to a designated output directory and does not contain `..` components that would allow directory traversal. Reject absolute paths. For example, resolve the path against a secure base directory and check that the resolved path is still within that base directory. | LLM | scripts/research.py:590 |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/24601/agent-deep-research/scripts/onboard.py:271 |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/24601/agent-deep-research/scripts/store.py:10 |
| MEDIUM | Arbitrary directory creation via `--output-dir` argument | The `scripts/research.py` and `scripts/store.py` scripts allow an AI agent to specify an arbitrary directory path for the `--output-dir` argument. The scripts use `pathlib.Path(output_dir).mkdir(parents=True, exist_ok=True)` without sanitizing the path. This means an attacker could use path traversal sequences (e.g., `../../sensitive_dir`) or absolute paths (e.g., `/etc/new_dir`) to create directories in unintended locations on the filesystem. While the content written into these directories is typically within a subdirectory (e.g., `research-{id}`), the ability to create arbitrary directories can be abused for denial of service (filling up disk space in critical locations) or to prepare for other attacks. | Implement strict path sanitization for the `--output-dir` argument. Ensure the path is relative to a designated output directory and does not contain `..` components that would allow directory traversal. Reject absolute paths. For example, resolve the path against a secure base directory and check that the resolved path is still within that base directory. | LLM | scripts/research.py:607 |
| MEDIUM | Arbitrary directory creation via `--output-dir` argument | The `scripts/research.py` and `scripts/store.py` scripts allow an AI agent to specify an arbitrary directory path for the `--output-dir` argument. The scripts use `pathlib.Path(output_dir).mkdir(parents=True, exist_ok=True)` without sanitizing the path. This means an attacker could use path traversal sequences (e.g., `../../sensitive_dir`) or absolute paths (e.g., `/etc/new_dir`) to create directories in unintended locations on the filesystem. While the content written into these directories is typically within a subdirectory (e.g., `research-{id}`), the ability to create arbitrary directories can be abused for denial of service (filling up disk space in critical locations) or to prepare for other attacks. | Implement strict path sanitization for the `--output-dir` argument. Ensure the path is relative to a designated output directory and does not contain `..` components that would allow directory traversal. Reject absolute paths. For example, resolve the path against a secure base directory and check that the resolved path is still within that base directory. | LLM | scripts/store.py:170 |
Full report: https://skillshield.io/report/e7176c8bcd770f47