earnings-product-pipeline
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The README and setup files instruct users to run 'npx -y octagon-mcp' and 'npx skills add OctagonAI/skills'. These commands download and execute code from the npm registry at runtime. Since 'OctagonAI' is not on the trusted sources list, this constitutes execution of unverified remote code.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted earnings transcripts without security boundaries.
  - Ingestion points: Earnings call transcripts analyzed via the 'octagon-mcp' tool in SKILL.md.
  - Boundary markers: Absent; no delimiters or 'ignore' instructions are used to separate external content from instructions.
  - Capability inventory: The skill performs extraction and reasoning which influences the agent's financial analysis.
  - Sanitization: No sanitization or filtering of transcript content is implemented.
- EXTERNAL_DOWNLOADS (LOW): Installation instructions recommend installing Homebrew via a piped curl command (curl | bash). While a standard procedure for that tool, it represents an unverified remote script execution.
Recommendations
- AI detected serious security threats
Audit Metadata