sec-amendments-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): In references/mcp-setup.md, the installation instructions for Homebrew utilize the curl -fsSL [URL] | bash pattern. Since the Homebrew repository is not included in the defined list of Trusted GitHub Organizations, this is classified as a critical-severity remote execution vulnerability.
  • EXTERNAL_DOWNLOADS (HIGH): The skill requires the installation of octagon-mcp via npx and is itself installed via an untrusted command (npx skills add OctagonAI/skills). These packages originate from untrusted third-party sources and execute with full user privileges.
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection (Category 8) because it is designed to ingest and process untrusted external content such as SEC filings and web search results.
    • Ingestion points: SKILL.md and references/mcp-setup.md detail tools (octagon-agent, octagon-scraper-agent) that read external company filings and live web data.
    • Boundary markers: Absent. The prompts do not use delimiters or instructions to isolate external data from the agent's core instructions.
    • Capability inventory: Includes complex research tools and network-enabled agents capable of influencing the agent's final reasoning and output.
    • Sanitization: No evidence of data sanitization or filtering is present.
  • COMMAND_EXECUTION (MEDIUM): The skill's setup process involves the use of dynamic shell commands to configure environment variables and execute packages (env OCTAGON_API_KEY=... npx -y octagon-mcp), which could be leveraged for execution hijacking if the environment is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 05:54 AM