sector-pe-ratios

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The file references/mcp-setup.md instructs users to install prerequisites using curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash. This pattern of piping remote content directly into a shell is a critical security risk that allows for arbitrary code execution if the source or the transmission is compromised.
  • EXTERNAL_DOWNLOADS (HIGH): The skill's primary installation and configuration methods (npx skills add OctagonAI/skills and npx -y octagon-mcp@latest) download and execute code from external, unverified sources. The reliance on unversioned or '@latest' packages exposes users to supply chain attacks where a compromised package version would be automatically executed.
  • PROMPT_INJECTION (HIGH): (Category 8: Indirect Prompt Injection) The skill is designed to process user-controlled parameters and interpolate them into prompts for an external agent with web-access and scraping capabilities. This creates a significant vulnerability surface where malicious instructions embedded in financial data or third-party websites could hijack the agent's behavior.
      ◦ Ingestion points: SKILL.md (Workflow Step 2) processes <DATE>, <EXCHANGE>, and <SECTOR> parameters.
      ◦ Boundary markers: Absent; user inputs are directly concatenated into the natural language prompt.
      ◦ Capability inventory: The octagon-agent and associated tools can access SEC filings, financial data, and scrape web content.
      ◦ Sanitization: No validation or escaping of external content is specified before the data is processed by the agent.
  • COMMAND_EXECUTION (MEDIUM): The setup instructions for Windows and macOS recommend executing shell commands that include the OCTAGON_API_KEY as an environment variable (env OCTAGON_API_KEY=... or set OCTAGON_API_KEY=...). This practice can expose the sensitive API key to process trees and system logs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 07:32 AM