sec-8k-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The setup instructions in references/mcp-setup.md promote executing a remote script from an unverified source (Homebrew/install) directly in the shell using the curl | bash pattern: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)". This allows for arbitrary code execution from a third-party source not listed in the trusted organizations.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on npx to download and execute octagon-mcp and a skills manager from the OctagonAI GitHub account at runtime. Neither the package nor the organization is on the verified trusted list, posing a supply-chain risk.
  • [PROMPT_INJECTION] (MEDIUM): The skill processes untrusted external data (SEC 8-K filings), creating a vulnerability to Indirect Prompt Injection.
      • Ingestion points: Filing data enters the agent context via the octagon-agent tool call defined in SKILL.md.
      • Boundary markers: None identified in the prompt workflow to distinguish instructions from data.
      • Capability inventory: The agent uses the filing content to generate material event summaries and corporate change assessments, directly influencing the user's reasoning.
      • Sanitization: No validation or instruction-filtering for filing content is defined in the workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 05:33 AM