sec-mda-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (CRITICAL): The setup guide in 'references/mcp-setup.md' directs users to execute a remote script via '/bin/bash -c "$(curl -fsSL ...)"', which is a highly dangerous pattern allowing arbitrary code execution from a source (Homebrew) not explicitly in the trusted organizations list. Furthermore, the skill uses 'npx -y octagon-mcp' and 'npx skills add OctagonAI/skills', downloading and running code from an untrusted third-party provider.
- Indirect Prompt Injection (MEDIUM): The skill's core function is to ingest and analyze external Management Discussion and Analysis (MD&A) sections from SEC filings. This creates a surface for indirect prompt injection where malicious text in a filing could override agent instructions. * Ingestion points: Filing text is retrieved via the 'octagon-agent' tool as described in 'SKILL.md'. * Boundary markers: Absent; the skill does not suggest using delimiters to separate untrusted content from the agent prompt. * Capability inventory: The agent uses retrieved data for strategic analysis and decision support. * Sanitization: Absent; no validation or filtering of the external SEC data is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata