earnings-financial-guidance

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The README and setup documentation instruct users to run 'npx -y octagon-mcp' and 'npx skills add OctagonAI/skills'. OctagonAI is not on the list of trusted external sources, making this an unverified remote download and execution.
  • [REMOTE_CODE_EXECUTION] (HIGH): Installation relies on 'npx' to fetch and run remote scripts at runtime. This method bypasses integrity verification and represents a significant security risk.
  • [COMMAND_EXECUTION] (LOW): Users are prompted to execute manual shell commands for configuration, which is a standard but noteworthy manual step that increases the attack surface.
  • [CREDENTIALS_UNSAFE] (LOW): The setup guide recommends storing the 'OCTAGON_API_KEY' in plain-text environment variables and local JSON configuration files.
  • [INDIRECT_PROMPT_INJECTION] (HIGH):
    1. Ingestion point: The skill ingests untrusted earnings transcripts in SKILL.md.
    2. Boundary markers: There are no delimiters (e.g., XML tags or dividers) or instructions to ignore embedded commands.
    3. Capability inventory: The agent utilizes the 'octagon-mcp' tool.
    4. Sanitization: There is no process for sanitizing or filtering external content, creating a risk where malicious instructions within a financial document could hijack agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:24 AM