sec-segment-reporting
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The mcp-setup.md file instructs Mac users to install Homebrew by piping a remote script directly into bash ('curl -fsSL ... | bash'), which is a critical security risk that can lead to complete system compromise if the remote source is compromised.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructions (README.md, mcp-setup.md) rely on 'npx -y octagon-mcp' to download and execute code from an unverified npm package at runtime. This source is not within the Trusted Source Scope defined for this analysis.
- [CREDENTIALS_UNSAFE] (HIGH): Setup guides advise users to hardcode their OCTAGON_API_KEY in environment variables or plaintext configuration files (claude_desktop_config.json, model_config.json), which significantly increases the risk of credential exposure.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted external data from SEC filings without the use of boundary markers or sanitization, creating an indirect prompt injection surface. Evidence: 1. Ingestion: octagon-agent reads 10-K and 10-Q filings from the SEC; 2. Boundary markers: Absent; 3. Capability inventory: Data is used for reasoning and generating financial analysis; 4. Sanitization: No sanitization of the filing content is performed.
Recommendations
- AI detected serious security threats
Audit Metadata