sec-annual-comparison

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill invokes the Octagon MCP tools (e.g., octagon-agent and octagon-scraper-agent) to fetch and analyze public 10‑K filings and financial web sources (e.g., SEC/EDGAR and other financial websites), so the agent ingests and interprets open third‑party content as part of its workflow, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the Octagon MCP tool at runtime via commands like "npx -y octagon-mcp", which fetches and executes remote code (the Octagon MCP package referenced at https://github.com/OctagonAI/octagon-mcp), so it relies on a runtime external dependency that executes code.