sec-analyst-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The installation instructions in README.md and references/mcp-setup.md direct users to execute remote code via npx -y octagon-mcp and npx skills add OctagonAI/skills. These packages/scripts originate from 'OctagonAI', which is not a trusted source according to security policy. This allows for arbitrary code execution on the user's machine during setup.
- [REMOTE_CODE_EXECUTION] (MEDIUM): references/mcp-setup.md instructs users to install Homebrew using a 'curl | bash' pattern (/bin/bash -c "$(curl -fsSL ...)"). While Homebrew is a common tool, this pattern is a classic RCE vector and the source organization is not explicitly on the trusted whitelist.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) as it is designed to ingest and process external content from SEC EDGAR filings.
- Ingestion Points: Item 1 (Business Description), Item 1A (Risk Factors), Item 7 (MD&A), and Footnotes from 10-K, 10-Q, and 8-K filings.
- Boundary Markers: Absent. There are no instructions or delimiters provided to the agent to treat filing text as untrusted data or to ignore embedded instructions.
- Capability Inventory: The skill generates long-form institutional-quality research reports (up to 15,000 words), meaning malicious content in a filing could significantly bias the agent's analysis and output.
- Sanitization: Absent. No evidence of escaping or filtering logic for the ingested external text.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation encourages downloading tools and configuration from github.com/OctagonAI, which is not a verified/trusted repository.
Recommendations
- AI detected serious security threats
Audit Metadata