revenue-geographic-segmentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The setup guide in `references/mcp-setup.md` provides an installation command for Homebrew using `curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash`. This is a high-severity RCE pattern that executes remote code without verification.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill utilizes `npx -y octagon-mcp` or `npx -y octagon-mcp@latest` to run its core functionality. Since OctagonAI is not on the trusted source list, this involves executing an unvetted external dependency.
- [COMMAND_EXECUTION] (HIGH): Configuration for tools like Cursor and Windows environments relies on executing shell commands via `env` and `cmd /c` to set up the MCP server, which is a risk for shell-based injection attacks.
- [CREDENTIALS_UNSAFE] (HIGH): The installation instructions direct users to embed their raw `OCTAGON_API_KEY` directly into shell command strings and configuration files, exposing them to shell history and other users on the system.
- [PROMPT_INJECTION] (MEDIUM): The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing financial data from an external API without boundary markers.
  - Ingestion points: Data returned from the `octagon-agent` tool.
  - Boundary markers: Absent in the primary `SKILL.md` query structure.
  - Capability inventory: Tool calls to the `octagon-mcp` server, which can execute shell commands via `npx`.
  - Sanitization: None provided in the instructions.
Recommendations
- AI detected serious security threats
Audit Metadata