sec-proxy-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The setup guide (references/mcp-setup.md) instructs users to install Homebrew using the 'curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash' pattern. This executes an unverified script from the internet with the user's shell privileges, which is a major system compromise risk.
- External Downloads (HIGH): The skill requires installing and running the 'octagon-mcp' and 'skills' packages via 'npx'. These are third-party tools from 'OctagonAI', which is not in the trusted source list, posing a supply-chain risk.
- Prompt Injection (MEDIUM): The skill processes external SEC filings and web data that could contain malicious instructions (Indirect Prompt Injection) designed to manipulate the agent's reasoning.
- Ingestion points: octagon-sec-agent and octagon-web-search-agent.
- Boundary markers: None used in the prompt templates.
- Capability inventory: Informational research and analysis.
- Sanitization: No evidence of content validation or filtering for fetched data.
Recommendations
- AI detected serious security threats
Audit Metadata