earnings-analyst-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructions require the user to execute npx -y octagon-mcp, which downloads and runs code from the npm registry. The author OctagonAI is not a trusted provider, and the execution of unverified remote code is a critical security risk.
- COMMAND_EXECUTION (HIGH): The setup process for both Windows and macOS involves manual shell command execution to set environment variables and run remote packages (e.g., cmd /c "set OCTAGON_API_KEY=...").
- EXTERNAL_DOWNLOADS (MEDIUM): The documentation suggests installing Homebrew using a curl | bash pipe from raw.githubusercontent.com. While the domain is whitelisted for exfiltration, the specific repository (Homebrew/install) is not on the trusted list, and piping remote scripts directly to a shell is a dangerous practice.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). It is designed to ingest and analyze external earnings call transcripts, which are untrusted data sources.
  - Ingestion points: Earnings call transcripts are processed via octagon-transcripts-agent in multiple workflow phases.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed transcripts.
  - Capability inventory: The skill utilizes tools with high capability, including octagon-scraper-agent (web scraping), octagon-deep-research-agent, and octagon-agent (general market intelligence).
  - Sanitization: No evidence of sanitization, filtering, or validation of external content before it is interpolated into agent prompts.
Recommendations
- AI detected serious security threats
Audit Metadata