income-statement-growth
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The setup instructions in `references/mcp-setup.md` recommend installing Homebrew using `/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"`. Piped remote script execution is a critical vulnerability that allows arbitrary code execution from a source not listed in the trusted scope.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill documentation encourages the use of `npx -y octagon-mcp@latest` and `npx skills add OctagonAI/skills`, which fetch and execute code from third-party sources (OctagonAI) not included in the trusted organizational list. This poses a risk of supply chain attacks.
- [PROMPT_INJECTION] (MEDIUM): (Category 8: Indirect Prompt Injection). The skill utilizes the `octagon-agent` tool to process untrusted external data, such as SEC filings and financial websites. This introduces a surface where instructions embedded in financial reports could manipulate the agent's analysis.
  - Ingestion points: External data sources via `octagon-agent` (referenced in `SKILL.md` and `references/mcp-setup.md`).
  - Boundary markers: None identified in the prompt templates or instructions.
  - Capability inventory: The agent uses the data to generate observations and suggested follow-up queries, influencing downstream reasoning.
  - Sanitization: No evidence of input sanitization or validation of the external content.
- [COMMAND_EXECUTION] (MEDIUM): Configuration instructions for Cursor and Windows require users to run shell commands that set environment variables (e.g., `cmd /c "set OCTAGON_API_KEY=... && npx ..."`). While common for setup, this involves executing complex command strings with sensitive environment variables.
Recommendations
- AI detected serious security threats
Audit Metadata