Skills
skills/ruvnet/claude-flow/market-pattern/Gen Agent Trust Hub

market-pattern

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the @claude-flow/cli package from the NPM registry. This is an external dependency that occurs at runtime.
  • [REMOTE_CODE_EXECUTION]: The instruction npx @claude-flow/cli@latest fetches and executes remote code. While this CLI appears to be the primary interface for the skill's environment, it represents a standard execution of unverified remote scripts.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform operations like memory searches and data storage via the command line.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and processing external market data.
  • Ingestion points: Data is ingested via mcp__claude-flow__memory_search and memory_list tools (SKILL.md).
  • Boundary markers: None identified; there are no instructions to use delimiters or ignore potentially malicious content within the ingested OHLCV data.
  • Capability inventory: The skill has access to the Bash tool and multiple storage/database search tools (SKILL.md).
  • Sanitization: There is no mention of data validation or sanitization before the data is processed for pattern detection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — market-pattern