albatross-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The README.md instructions include commands to download strategy scripts and configuration files from the vendor's GitHub repository using
curl. - [EXTERNAL_DOWNLOADS]: The skill installation process involves fetching external components and scripts directly from the vendor's official GitHub organization.
- [PROMPT_INJECTION]: The
runtime.yamlfile defines an LLM-based decision action (albatross_entry) that interpolates signal data directly into the prompt. This data, which includes usernames and handles from the Senpi Arena, is untrusted and could potentially contain malicious instructions designed to influence the agent's trading decisions. - Ingestion points:
runtime.yamlactionalbatross_entry. - Boundary markers: Data is provided under a 'SIGNAL:' header without explicit delimiters or escaping.
- Capability inventory: The action can execute
OPEN_POSITIONcommands on the user's exchange account. - Sanitization: No sanitization of the interpolated signal data is performed.
Audit Metadata