esg-ratings
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires installation of the 'octagon-mcp' and 'skills' packages via npx. These are not hosted by trusted organizations as defined in the security scope.
- REMOTE_CODE_EXECUTION (MEDIUM): The setup documentation (references/mcp-setup.md) includes a 'curl | bash' command for Homebrew installation. While common, this executes remote code without local verification.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection.
  - Ingestion points: User-provided ticker symbols and metric requests are interpolated into the 'prompt' argument for the 'octagon-agent' tool in SKILL.md.
  - Boundary markers: None are present to isolate untrusted user data.
  - Capability inventory: The tool utilizes the Octagon MCP which has capabilities for web searching and data scraping.
  - Sanitization: No sanitization or escaping of external content is performed before interpolation.