earnings-qa-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires downloading external tools and packages from the 'OctagonAI' GitHub repository and npm registry. This source is not recognized as a trusted provider within the security policy.
- REMOTE_CODE_EXECUTION (MEDIUM): The setup guide in 'README.md' and 'mcp-setup.md' instructs users to run 'npx -y octagon-mcp', which performs remote code execution by fetching and running a package directly from the npm registry. This execution occurs at runtime and depends on the integrity of a non-trusted third-party package.
- PROMPT_INJECTION (LOW): This skill exposes a surface for Indirect Prompt Injection (Category 8) because it processes external data from earnings call transcripts. Evidence chain:
  1. Ingestion points: earnings call transcripts parsed via the Octagon MCP tool.
  2. Boundary markers: absent; the prompt templates do not use delimiters or warnings to ignore instructions found within the transcript.
  3. Capability inventory: the agent uses the 'octagon-mcp' tool to fetch and analyze content.
  4. Sanitization: no evidence of input validation or content escaping for the transcripts.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded credentials were found in the files; the skill correctly uses environment variables and placeholders for the required API key.
Audit Metadata