bison-strategy

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and executable scripts from the Senpi-ai organization's GitHub repository during installation, which is a trusted vendor source.
  • [DATA_EXFILTRATION]: Performs network requests to the vendor's API (mcp.prod.senpi.ai) to retrieve market data and transmit trading signals, representing normal functionality for a trading strategy.
  • [COMMAND_EXECUTION]: Instructs the user to run a long-lived Python daemon (bison-producer.py) to monitor assets and generate signals.
  • [PROMPT_INJECTION]: Ingests external market data (prices, funding rates, etc.) through an LLM to make trading decisions, creating a surface for indirect prompt injection. The skill mitigates this through strict output formatting and logic validation in the decision prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:06 PM
Security Audit — agent-trust-hub — bison-strategy