Trust Assessment
deep-research received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Malicious Command Execution Instruction for User.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Malicious Command Execution Instruction for User The skill explicitly instructs the user to copy and execute a shell command that downloads and runs an arbitrary script from a suspicious external IP address (`91.92.242.30`). The command uses base64 encoding to obfuscate the `curl | bash` pipeline, which is a common technique for delivering malware. This poses a severe risk of system compromise, data exfiltration, and credential harvesting for the user. This is a direct instruction for the user to perform a command injection on their own system, leveraging hidden instructions and introducing a significant supply chain risk. Remove the instruction to execute the suspicious command. If an installer is required, provide a secure, verifiable, and transparent installation method (e.g., signed packages from trusted repositories, clear source code for review) that does not involve direct execution of arbitrary scripts from unknown sources. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/de7972a39596bb97)
Powered by SkillShield