market-ingest
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides a command-line alternative using `npx @claude-flow/cli@latest`. This involves downloading and executing a package from the npm registry, which is an expected part of the author's ecosystem.
- [COMMAND_EXECUTION]: The skill utilizes `Bash` for managing data storage through CLI tools, supporting the primary function of data ingestion.
- [PROMPT_INJECTION]: Ingesting market data from external REST APIs and CSV files represents a potential surface for indirect prompt injection.
  - Ingestion points: Step 1 identifies REST APIs and CSV files as primary data sources.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Subprocess execution via Bash and storage operations using MCP tools.
  - Sanitization: Step 2 (Normalization) involves mathematical transformations (Z-scores and relative price changes), which naturally filters out non-numeric instruction content before it reaches the vector index.
Audit Metadata