neural-training
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation includes commands using 'npx claude-flow'. 'npx' is a package runner that downloads and executes code from the NPM registry at runtime if not locally available. The 'claude-flow' package is not among the verified trusted sources, making this an unverifiable dependency.
- [COMMAND_EXECUTION] (MEDIUM): The skill encourages the execution of several shell commands ('train', 'status', 'patterns', 'predict', 'optimize') that depend on an external, untrusted utility.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Because 'npx' fetches code from a remote public registry and executes it on the host system, this represents a potential remote code execution vector for untrusted software.
- [PROMPT_INJECTION] (LOW): The 'predict' command demonstrates a vulnerability to indirect prompt injection (Category 8).
  - Ingestion points: Untrusted user input via the '--input' flag in 'npx claude-flow neural predict --input "task description"'.
  - Boundary markers: None present in the skill definition to separate user input from the command context.
  - Capability inventory: Shell command execution and remote package execution.
  - Sanitization: No sanitization logic or instruction for escaping user input is provided in the documentation.
Audit Metadata