balance-sheet
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The file references/mcp-setup.md instructs users to install Homebrew by piping a remote script directly to bash (curl -fsSL ... | bash). This is a critical vulnerability as the remote script could be maliciously modified.
- EXTERNAL_DOWNLOADS (HIGH): The skill relies on npx -y octagon-mcp and npx skills add, which download and execute code from the npm registry at runtime from an untrusted source (OctagonAI).
- COMMAND_EXECUTION (HIGH): Setup procedures for Cursor, Claude, and Windsurf require executing shell commands to set environment variables and initialize MCP servers.
- CREDENTIALS_UNSAFE (MEDIUM): Users are encouraged to store their OCTAGON_API_KEY in plaintext within environment variables and configuration files, increasing the risk of credential leakage.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) through external data ingestion.
  1. Ingestion points: Data returned from the octagon-agent tool in SKILL.md.
  2. Boundary markers: None; external financial data is processed directly as a table.
  3. Capability inventory: The agent performs reasoning and generates follow-up queries based on the external content.
  4. Sanitization: No validation or sanitization of the API-provided data is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata