Skills
skills/octagonai/skills/stock-performance/Gen Agent Trust Hub

stock-performance

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The instructions in README.md and references/mcp-setup.md mandate the execution of npx -y octagon-mcp@latest. This pattern downloads and runs arbitrary code from a non-whitelisted source (OctagonAI) on the host machine.
  • [REMOTE_CODE_EXECUTION] (HIGH): The use of npx -y bypasses package installation confirmation, allowing for immediate execution of a remote package in the user's shell environment.
  • [PROMPT_INJECTION] (MEDIUM): The skill (specifically the octagon-agent tool) ingests untrusted data from the octagon-web-search-agent. This creates an indirect prompt injection surface (Category 8).
  • Ingestion points: Data entering through octagon-web-search-agent as noted in SKILL.md.
  • Boundary markers: Absent. The workflow does not specify delimiters or instructions to ignore embedded commands in the external data.
  • Capability inventory: The agent utilizes the octagon-agent tool to process natural language prompts and return structured financial data.
  • Sanitization: None detected. There is no evidence of filtering or escaping logic for the content retrieved from external sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:22 AM