sec-annual-comparison
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The setup guide in references/mcp-setup.md directs users to install Homebrew by piping a remote script into bash ('/bin/bash -c $(curl ...)'). Whatever the server returns is executed immediately with the user's privileges, with no checksum or signature check and no opportunity to inspect it first; a compromised host, a tampered download, or a server that returns different content to curl than to a browser results in arbitrary code execution, and the script comes from a source not on the trusted list.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill installs and runs unverified code from 'OctagonAI' via npx, bunx, and pnpm. The invocation the guide documents (npx -y octagon-mcp) names no version and auto-confirms the install, so whatever version is current on the registry at run time is fetched and executed; a compromised package, or a malicious update to a legitimate one, would run with no warning. This is a supply chain exposure.
- [COMMAND_EXECUTION] (HIGH): The configuration places the API key in the MCP server's environment and launches the server by executing a remotely fetched tool (npx -y octagon-mcp; the -y flag suppresses the install prompt). If the package is compromised, the code it runs executes with the user's privileges and inherits that environment, including the key.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to indirect prompt injection:
  1. Ingestion points: octagon-agent reads SEC 10-K filings.
  2. Boundary markers: not present; ingested filing text is not delimited from the agent's instructions.
  3. Capability inventory: network access via octagon-agent.
  4. Sanitization: not specified.
  Because filing text reaches the model undelimited and unsanitized, and the agent can make network requests, instructions embedded in a filing could redirect the agent's behavior, including its tool use.
- [DATA_EXFILTRATION] (MEDIUM): The skill requires a third-party API key and, through the MCP server, sends requests to a non-whitelisted external domain (octagonai.co). The content of those requests (the agent's queries and whatever context it attaches) therefore leaves the local environment for a domain outside the trusted list.
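The two install-step findings above (the piped Homebrew install and the unpinned npx/bunx/pnpm launch of octagon-mcp) describe checks a reviewer can apply before running the setup guide. The script below is an added example written for this page; it is not code from the audited skill, from OctagonAI, or from Gen Agent Trust Hub. It assumes a POSIX shell with sha256sum or shasum available; the installer file, the URL example.invalid and the version 1.2.3 in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the audited skill or the auditor): two checks for
# the install steps flagged in the findings.
#
# 1. verify_and_run: the safe replacement for `bash -c "$(curl ...)"`.
#    The installer is saved to a file, its SHA-256 is compared against a
#    digest obtained out of band (release page, signed manifest), and the
#    script runs only on a match.
# 2. lint_mcp_command: flags an MCP server command that executes an
#    unpinned package via `npx -y`, `bunx` or `pnpm dlx`, or that pipes
#    curl output into a shell.

set -u

# SHA-256 of a file, hex digest only (coreutils or macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Run an installer script only if its SHA-256 matches the expected digest.
# Returns 0 on success, 1 on a digest mismatch (script is NOT executed),
# 2 if the file does not exist.
verify_and_run() {
  script="$1"
  expected="$2"
  [ -f "$script" ] || return 2
  actual=$(sha256_of "$script")
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $script: sha256 $actual != $expected" >&2
    return 1
  fi
  sh "$script"
}

# Examine one MCP "command + args" string. Prints each problem found and
# returns 1 if any, 0 if the command is clean.
lint_mcp_command() {
  cmd="$1"
  problems=0
  case "$cmd" in
    *"curl "*"| "*sh*|*'$(curl'*)
      echo "piped remote script execution: $cmd"; problems=1 ;;
  esac
  # Package name after `npx -y`, `bunx` or `pnpm dlx`, if any.
  pkg=$(printf '%s\n' "$cmd" | sed -n \
    -e 's/^.*npx -y \([^ ]*\).*$/\1/p' \
    -e 's/^.*bunx \([^ ]*\).*$/\1/p' \
    -e 's/^.*pnpm dlx \([^ ]*\).*$/\1/p' | head -n 1)
  if [ -n "$pkg" ]; then
    name=${pkg#@}            # drop a leading scope '@' (@scope/pkg)
    case "$name" in
      *@[0-9]*) ;;           # pinned to a numeric version, e.g. pkg@1.2.3
      *) echo "unpinned package execution: $pkg"; problems=1 ;;
    esac
  fi
  return $problems
}

# --- constructed demo: a stand-in installer, not a real one ---
tmpdir=$(mktemp -d)
installer="$tmpdir/install.sh"
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$installer"
good=$(sha256_of "$installer")
bad="0000000000000000000000000000000000000000000000000000000000000000"
verify_and_run "$installer" "$good"                 # digest matches: runs
if verify_and_run "$installer" "$bad"; then :; fi   # mismatch: refused
# Version 1.2.3 and the URL are hypothetical values for the demo.
for c in 'npx -y octagon-mcp' 'npx -y octagon-mcp@1.2.3' \
         '/bin/bash -c "$(curl -fsSL https://example.invalid/install.sh)"'; do
  if lint_mcp_command "$c"; then echo "clean: $c"; fi
done
rm -rf "$tmpdir"
```

The digest passed to verify_and_run must come from a channel other than the URL that served the script, otherwise an attacker who controls the download controls the hash as well. The lint treats only a numeric `@version` suffix as a pin; `@latest` is deliberately reported as unpinned because it resolves to whatever the registry serves at run time.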
Recommendations
- AI analysis detected serious security threats (verdict: Fail). The findings above, an unverified piped install, unpinned remote package execution, and an undelimited path from ingested filings into the agent, are the reason for the verdict.
Audit Metadata