commodities-quote
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill utilizes the
octagon-agentMCP tool, which accepts natural language prompts to retrieve external commodity data. This creates a surface for indirect prompt injection if the external data sources are compromised. Ingestion points:SKILL.md(via tool calls); Boundary markers: Absent; Capability inventory:octagon-agent(data retrieval),octagon-scraper-agent(web scraping); Sanitization: None. - External Downloads (SAFE): The setup instructions in
references/mcp-setup.mdrecommend installing Homebrew via a shell script and the Octagon MCP server vianpx. These are standard, manual environment setup steps for the user and are consistent with the skill's primary purpose.
Audit Metadata