analyst-estimates

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the octagon-mcp package via npx. This source is not on the trusted list of organizations, making it an unverifiable dependency.
  • REMOTE_CODE_EXECUTION (MEDIUM): The octagon-mcp server is executed dynamically using npx -y, which fetches and runs code at runtime, presenting a risk if the package is compromised.
  • COMMAND_EXECUTION (LOW): Installation instructions in references/mcp-setup.md include a curl | bash command for Homebrew. While standard for that tool, it is an insecure pattern for remote script execution.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill interpolates user-provided tickers directly into tool prompts without sanitization. Evidence:
      1. Ingestion: <TICKER> and <N> variables in SKILL.md.
      2. Boundaries: Absent in the JSON MCP payload.
      3. Capability: Access to the octagon-agent tool.
      4. Sanitization: None defined in the skill instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:27 PM