price-target-consensus
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references standard installation procedures for Homebrew using `curl | bash` and Node.js. While piped remote execution is typically a high-risk pattern, Homebrew is a widely trusted industry-standard tool, which justifies a lower severity in this context.
- [COMMAND_EXECUTION] (LOW): Setup instructions guide users to run the Octagon MCP server via `npx`. This is a standard and expected mechanism for Model Context Protocol (MCP) tool execution.
- [CREDENTIALS_UNSAFE] (INFO): The skill requires an `OCTAGON_API_KEY`. It correctly instructs users to manage this via environment variables rather than hardcoding it in scripts, which aligns with security best practices for credential handling.
- [REMOTE_CODE_EXECUTION] (LOW): The skill uses `npx -y octagon-mcp@latest` to pull and run the tool. This constitutes remote code execution by design for the purpose of the skill's functionality.
- [DATA_EXPOSURE] (INFO): The skill processes financial data from the Octagon API. This is the intended purpose of the skill and does not appear to involve unauthorized data access or exfiltration.
Audit Metadata