trader-portfolio

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the neural-trader package from the npm registry if it is not locally available.
  • [COMMAND_EXECUTION]: Executes various CLI commands for portfolio optimization, risk assessment, and rebalancing via npx neural-trader in a Bash environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from a memory search tool.
      • Ingestion points: Portfolio holdings data enters the context via mcp__claude-flow__memory_search (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing holdings data.
      • Capability inventory: The skill can execute shell commands (npx), perform neural predictions, and write to persistent storage (mcp__claude-flow__memory_store).
      • Sanitization: There is no evidence of sanitization or validation of the holdings data before it is passed to subsequent optimization or prediction tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 01:23 PM