historical-market-cap

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's setup instructions guide users to download the octagon-mcp package via npx. The author OctagonAI is not in the trusted source list, making this an unverified external dependency. Evidence: Installation commands in README.md and references/mcp-setup.md.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill configures the agent to execute the octagon-mcp tool. Running unverified code from an external package allows for arbitrary command execution within the agent's environment.
  • [COMMAND_EXECUTION] (MEDIUM): Setup documentation recommends running shell commands (e.g., env, cmd /c, npx) to configure environment variables. While necessary for the tool, these instructions could be leveraged to execute malicious payloads if the user-provided inputs are not carefully managed.
  • [PROMPT_INJECTION] (MEDIUM): This finding refers to Category 8 (Indirect Prompt Injection). The skill ingests untrusted data from external financial sources via the octagon-agent tool.
    1. Ingestion points: octagon-agent tool (referenced in SKILL.md).
    2. Boundary markers: Absent; no specific delimiters or ignore-instructions warnings are provided.
    3. Capability inventory: The data is used for analysis and summary, influencing the agent's output and reasoning.
    4. Sanitization: Absent; no evidence of filtering or escaping external data before it enters the context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 07:23 AM