albatross-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The README.md instructions include commands to download strategy scripts and configuration files from the vendor's GitHub repository using curl.
  • [EXTERNAL_DOWNLOADS]: The skill installation process involves fetching external components and scripts directly from the vendor's official GitHub organization.
  • [PROMPT_INJECTION]: The runtime.yaml file defines an LLM-based decision action (albatross_entry) that interpolates signal data directly into the prompt. This data, which includes usernames and handles from the Senpi Arena, is untrusted and could potentially contain malicious instructions designed to influence the agent's trading decisions.
  • Ingestion points: runtime.yaml action albatross_entry.
  • Boundary markers: Data is provided under a 'SIGNAL:' header without explicit delimiters or escaping.
  • Capability inventory: The action can execute OPEN_POSITION commands on the user's exchange account.
  • Sanitization: No sanitization of the interpolated signal data is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — albatross-strategy