bobcat-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches skill components and configuration files from the author's public GitHub repository at github.com/Senpi-ai/senpi-skills.
  • [COMMAND_EXECUTION]: The installation guide provides standard shell commands for environment setup, including directory creation, file downloads via curl, and starting the producer daemon using python3 and nohup.
  • [PROMPT_INJECTION]: The decision prompt in the runtime configuration includes instructions that hardcode a requirement for 'BTC', which conflicts with the strategy's primary universe of equity perpetuals (NVDA, TSLA, etc.). This appears to be a documentation artifact from a template rather than a malicious pattern.
  • [DATA_EXFILTRATION]: The skill uses the SenpiClient for signal transmission. All communication is directed to the designated trading infrastructure and vendor-managed APIs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — bobcat-strategy