revenue-product-segmentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The setup instructions in `references/mcp-setup.md` include the official Homebrew installation command (curl -fsSL ... | bash). While this is a standard method for installing prerequisites, it involves executing a remote script directly in the shell.
- REMOTE_CODE_EXECUTION (LOW): The skill's documentation suggests running the `octagon-mcp` server and the `skills` utility using `npx`. This pattern involves downloading and executing code from the npm registry at runtime.
- PROMPT_INJECTION (SAFE): The prompt templates in `SKILL.md` are well-defined for financial data retrieval and do not contain instructions that attempt to bypass AI safety filters or extract system prompts.
- DATA_EXFILTRATION (SAFE): No patterns for unauthorized data access or credential theft were detected. The skill correctly uses environment variables for API key management and targets legitimate financial data sources.
Audit Metadata