financial-growth

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill's setup instructions promote the execution of remote scripts and unverified packages. Specifically, references/mcp-setup.md recommends installing Homebrew via a piped bash command (curl | bash), and multiple files instruct the user to run unverified software via 'npx -y octagon-mcp@latest'.
  • EXTERNAL_DOWNLOADS (HIGH): The skill depends on the 'octagon-mcp' package from the 'OctagonAI' organization, which is not among the trusted organizations. This allows for the execution of arbitrary code downloaded from a third-party registry.
  • COMMAND_EXECUTION (HIGH): The configuration steps for integration with Cursor and Claude Desktop involve executing complex shell commands that include environment variables and package managers, which can be exploited if the agent context is manipulated.
  • PROMPT_INJECTION (LOW): The skill processes external financial data and SEC filings through the 'octagon-agent' tool, creating a surface for indirect prompt injection.
  • Ingestion points: Output from octagon-agent and octagon-scraper-agent.
  • Boundary markers: None present in the prompt instructions to isolate external content.
  • Capability inventory: The MCP server tools can perform web scraping and aggregate research.
  • Sanitization: No sanitization or validation of the retrieved financial data is defined.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:24 PM