financial-analyst-master

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): In references/mcp-setup.md, the skill recommends a system installation pattern for Homebrew using curl -fsSL ... | bash. Executing remote scripts directly in a shell environment is a high-risk pattern that allows for arbitrary code execution.
  • EXTERNAL_DOWNLOADS (HIGH): The skill documentation (README.md and mcp-setup.md) encourages users to install and run packages from OctagonAI, which is not an established trusted organization. The command npx -y octagon-mcp downloads and executes code from a remote registry without version pinning or integrity verification.
  • COMMAND_EXECUTION (HIGH): The skill relies on an external MCP server (octagon-mcp) to perform its core functions. This requires the agent to execute shell commands to start the server and pass environment variables (including sensitive API keys), which increases the potential for command injection or environment variable leakage.
  • PROMPT_INJECTION (MEDIUM): As categorized under Category 8 (Indirect Prompt Injection), the skill is designed to ingest and analyze untrusted external content via octagon-scraper-agent and octagon-deep-research-agent.
    • Ingestion points: External financial websites, SEC filings, and research reports.
    • Boundary markers: None identified in the prompt templates (e.g., references/skill-*.md).
    • Capability inventory: The skill uses tools to summarize, research, and aggregate data into a report. While primarily focused on output generation, the lack of sanitization or delimiters (e.g., in references/report-template.md) allows malicious instructions embedded in scraped data to potentially manipulate the agent's analysis or final report findings.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:02 AM