The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructions specify checking for and installing the neural-trader package from the public npm registry using npm install if it is not already present in the environment.- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute npm and npx commands, which allows the execution of code within the installed package and any of its dependencies.- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where data from an external memory store is used to construct shell commands.
Ingestion points: Untrusted data enters the agent context via the mcp__claude-flow__memory_retrieve and mcp__claude-flow__memory_search tools in SKILL.md.
Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present when processing the retrieved data.
Capability inventory: The skill possesses the ability to execute arbitrary shell commands via the Bash tool and interact with persistent storage via agentdb_pattern-store and mcp__claude-flow__neural_train.
Sanitization: There is no evidence of input validation or shell escaping for values retrieved from memory (e.g., strategy-STRATEGY_NAME) before they are interpolated into npx neural-trader commands.

trader-backtest