mousecat-fraud-investigatorlisted

# Workflow When this skill triggers, follow these steps in order. ## Step 1 — Locate the transactions file Check whether the user has specified a CSV path. - If a path is provided, confirm the file exists and contains a header row with at minimum: `txn_id`, `timestamp`, `account_id`, `card_last4`, `merchant`, `amount`, `country`. - If no path is provided, ask: "Please provide the path to your transactions CSV. It must include columns: txn_id, timestamp, account_id, card_last4, merchant, amount, country. See `resources/transactions.csv` for a working example." - If the user has a different schema, map their column names to the expected ones before proceeding. ## Step 2 — Enumerate fraud hypotheses Before running the engine, state the hypotheses that will be tested: 1. **Velocity** — same account, many transactions in a short window. 2. **Structuring** — amounts just below a reporting threshold. 3. **Shared card** — same card_last4 across multiple account_ids. 4. **Impossible travel** — same account in two countries within an impossible time span. 5. **Round-number burst** — repeated identical round amounts from one account rapidly. ## Step 3 — Run the investigation engine Execute the engine from the skill root: ```bash node scripts/investigate.mjs <path-to-transactions.csv> ``` The engine outputs a Markdown report with one section per check. Each section includes: - The hypothesis being tested - Flagged `txn_id` values - A one-line rationale - A table of the flagged