boar-strategy
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). At runtime the producer daemon fetches live market/instrument data via
cfg.mcp_call(...)(e.g.,market_list_instrumentsandmarket_get_asset_datainget_universe_meta()/fetch_candles()), and those responses are then used to construct thesignal_boar_*payload that is injected into the runtime LLM context viaruntime-*.yamlactions.*.context→decision_prompt({{signal_boar_long_signals}}/{{signal_boar_short_signals}}); this is outsider-authored free text from an external MCP/vendor source.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README explicitly instructs fetching and installing code from https://github.com/Senpi-ai/senpi-skills (via npx) and downloading files from https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/boar/$f which are then executed (the producer scripts and runtime YAML containing the decision_prompt), so remote content would be fetched and executed and directly controls LLM prompts/runtime behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references trading wallets (BOAR_LONG_WALLET, BOAR_SHORT_WALLET) and concrete order/position management functions such as create_position, close_position, edit_position, ratchet_stop_, cancel_order, and strategy_close. It also discusses order types (FEE_OPTIMIZED_LIMIT with taker fallback) and runtime daemons that emit entries/exits. Those are specific market-execution APIs/tools (placing, editing, cancelling orders and managing positions tied to wallets), so this grants direct financial execution capability even though a "read-only" rule for conversational sessions is stated.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata