industry-pe-ratios

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (CRITICAL): In references/mcp-setup.md, the skill instructs the user to pipe a remote script directly into the shell using curl -fsSL ... | bash. This high-risk pattern allows arbitrary code execution from a remote source that is not within the provided trusted scope.
  • [External Downloads] (MEDIUM): The skill relies on the octagon-mcp package via npx. This is an external dependency from an unverified source (OctagonAI) which is executed at runtime to facilitate the MCP server connection.
  • [Indirect Prompt Injection] (MEDIUM): The SKILL.md file defines a workflow where user-controlled parameters such as <INDUSTRY> and <EXCHANGE> are interpolated directly into a natural language prompt passed to the octagon-agent tool.
      • Ingestion points: User parameters defined in SKILL.md and README.md are used to build the tool argument.
      • Boundary markers: Absent. No delimiters or instructions are used to separate user data from the system's command instructions.
      • Capability inventory: The target octagon-agent tool has broad capabilities including web search and SEC filing retrieval, which could be abused if the prompt is manipulated.
      • Sanitization: None. The input is treated as trusted and directly concatenated into the tool's execution prompt.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 05:35 AM