trader-regime
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill attempts to install the 'neural-trader' package from the npm registry if it is not already present in the environment. This represents an unpinned dependency on an external source.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run 'npx neural-trader' with multiple flags, executing code from an external package to perform regime detection and technical analysis.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data retrieved from the neural-trader tool output.
  - Ingestion points: Command output from 'npx neural-trader' in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Shell command execution via 'Bash' and persistent state modification via 'mcp__claude-flow__memory_store'.
  - Sanitization: No evidence of validation or sanitization of external tool outputs before processing.