cash-flow-statement

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The documentation in references/mcp-setup.md recommends installing Homebrew using a piped shell execution: /bin/bash -c "$(curl -fsSL ...)". This is a classic high-risk pattern for executing unverified remote scripts. Additionally, the skill relies on npx octagon-mcp, which downloads and executes code from an untrusted GitHub organization (OctagonAI).
  • Command Execution (MEDIUM): Setup instructions for both Windows and Mac/Linux involve executing shell commands with environment variables (env, cmd /c, set) to run external packages. These commands are necessary for the skill's operation but facilitate the execution of unverified code.
  • Indirect Prompt Injection (LOW): The skill processes financial data retrieved from an external tool (octagon-agent) without using boundary markers or sanitization. Evidence Chain: (1) Ingestion points: Data entering through the octagon-agent tool output. (2) Boundary markers: Absent. (3) Capability inventory: The skill itself is prompt-based and lacks internal subprocess or file-write capabilities. (4) Sanitization: Absent.
  • Data Exposure & Exfiltration (LOW): The setup process involves handling a sensitive API key (OCTAGON_API_KEY). While the skill follows standard practices (placeholders and environment variables), the key is ultimately passed to an unverified remote package during execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:26 PM