elephant-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches strategy scripts, configuration files, and a runtime helper skill from the author's verified GitHub repository (github.com/Senpi-ai/senpi-skills). These are standard vendor-provided resources.
  • [COMMAND_EXECUTION]: Provides instructions for users to run producer scripts as background daemons using standard Linux utilities (setsid, nohup). This is a common practice for maintaining long-running trading processes.
  • [PROMPT_INJECTION]: Implements explicit instructions in the skill metadata and runtime YAML files to restrict the LLM to a read-only or pass-through validation role, preventing unintended execution of trading actions during chat sessions.
  • [DATA_EXFILTRATION]: Transmits trading signals and performs market queries through an authenticated MCP connection to the vendor's secure infrastructure (mcp.prod.senpi.ai), which is essential for the skill's automated trading functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — elephant-strategy