earnings-mgmt-comments

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The file references/mcp-setup.md instructs users to install Homebrew by piping a remote script directly into the shell: curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash. This is a classic RCE pattern that executes unverified remote code with the user's privileges.
  • REMOTE_CODE_EXECUTION (HIGH): The skill relies on npx -y octagon-mcp (in README.md and references/mcp-setup.md) to run the required MCP server. This command downloads and executes the latest version of the octagon-mcp package from the npm registry at runtime. Since OctagonAI is not in the list of trusted organizations, this is the execution of untrusted remote code.
  • CREDENTIALS_UNSAFE (HIGH): The configuration instructions for Cursor and Windows command prompt suggest embedding the OCTAGON_API_KEY directly into the command string (e.g., env OCTAGON_API_KEY=<your-api-key> ...). This practice causes sensitive credentials to be stored in plain text in shell history files (like .bash_history), where they can be accessed by other users or malicious processes.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires several external dependencies including Node.js, Homebrew, and the Octagon MCP server. These external sources are not verified for integrity by the skill itself, increasing the system's attack surface.
  • PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8) because it processes external, untrusted earnings call transcripts.
      • Ingestion points: Untrusted data enters via the Octagon MCP tool outputs.
      • Boundary markers: None identified in the skill instructions.
      • Capability inventory: Limited to summarization, quote extraction, and reasoning. No direct file-write or network-send capabilities are present in the skill's own logic.
      • Sanitization: No evidence of sanitization or filtering of the transcript content before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 05:38 AM