sec-risk-factors

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL

Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The setup documentation in references/mcp-setup.md directs users to execute a remote script using the command `curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash`. This pattern is a major security risk, as it allows arbitrary code execution from a source that is not listed as a trusted organization.
  • External Downloads (HIGH): The skill requires the use of `npx -y octagon-mcp` to run the underlying server. This command downloads and executes a package from the npm registry at runtime. Since 'OctagonAI' is not a trusted source per the analysis guidelines, this constitutes execution of unverified remote code.
  • Indirect Prompt Injection (LOW): The skill processes external SEC filings for analysis. While the risk is currently low due to the limited capability (summarization), the ingestion of external data without sanitization or boundary markers creates a surface for indirect prompt injection.
    • Ingestion point: octagon-agent tool in SKILL.md.
    • Boundary markers: Absent.
    • Capability inventory: Tool performs extraction and categorization; setup requires command-line execution.
    • Sanitization: Not specified in documentation or workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 05:59 AM