albatross-strategy

Fail

Audited by Snyk on Jun 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The links are to a GitHub org, raw GitHub content and the senpi.ai site that instruct operators to curl/run repository scripts and to extract/set a user-scoped bearer token — downloading and executing raw scripts from an unverified repo (and handing over a user token) is high-risk because it can execute arbitrary code and enable account or fund takeover.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). The required runtime workflow calls arena_leaderboard (public Arena leaderboard data) and then strategy_list/discovery_get_trader_state for those outsider traders; the resulting ROE/leader metadata and open-position fields are ingested into the LLM via the albatross_signals scanner output and interpolated into decision_prompt as {{signal_albatross_signals}} (indirect prompt injection risk from outsider-authored leaderboard/position text/fields).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements automated trading/mirroring: it computes leader pools, detects new leader positions, emits ALBATROSS_ARENA_MIRROR signals containing asset, direction, marginUsd and leverage, and the runtime "opens via FEE_OPTIMIZED_LIMIT" with cap on leverage, sizing, TP/SL and exit rules. It directly describes placing orders/positions (market/order execution semantics, margin, leverage, order type) and uses trading-specific APIs (arena_leaderboard, strategy_list, discovery_get_trader_state) to drive those executions. This is a tool whose primary purpose is to open and manage financial positions (market orders), so it grants direct financial execution authority.

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 28, 2026, 08:48 PM
Issues
4
Security Audit — snyk — albatross-strategy