sec-cash-flow-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): File references/mcp-setup.md instructs users to install Homebrew using curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash. Piping a remote script directly to a shell from an untrusted source (Homebrew is not in the TRUST-SCOPE-RULE list) is a critical security vulnerability that can lead to system compromise.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill directs users to install and run code using npx skills add and npx -y octagon-mcp. These commands download and execute code from an unverified third party ('OctagonAI') which is not a trusted source.
- [Indirect Prompt Injection] (LOW): The skill ingests data from external SEC filings.
  1. Ingestion points: SEC 10-K and 10-Q filings are retrieved via the octagon-agent tool.
  2. Boundary markers: None identified.
  3. Capability inventory: The octagon-agent provides analysis and research summaries.
  4. Sanitization: No evidence of sanitization of filing content.
- [Data Exposure & Exfiltration] (LOW): The configuration instructions recommend setting OCTAGON_API_KEY in environment variables or configuration files. While standard for many tools, this exposes the credential to any process able to read the environment or local configuration.
Recommendations
- AI detected serious security threats
Audit Metadata