Skills
skills/octagonai/skills/balance-sheet-growth/Gen Agent Trust Hub

balance-sheet-growth

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests financial data from the external octagon-mcp server. This represents a potential surface for indirect injection if the source data were maliciously crafted.
  • Ingestion points: SKILL.md (via octagon-mcp tool call).
  • Boundary markers: None defined to isolate tool output.
  • Capability inventory: Data retrieval and analysis; no dangerous system capabilities exposed.
  • Sanitization: No explicit sanitization of tool output before display.
  • External Downloads & Remote Code Execution (LOW): Setup instructions in README.md and references/mcp-setup.md require the user to run npx -y octagon-mcp. This downloads and executes code from npm. While OctagonAI is not in the predefined trusted list, this is a standard setup procedure for this tool and is required for its primary purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:23 PM