hawk-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The README.md documentation contains instructions for the operator to download the strategy's scripts and configuration files from the author's public GitHub repository (github.com/Senpi-ai/senpi-skills). This is a standard setup procedure and uses the vendor's official distribution channel.- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages authentication using a SENPI_AUTH_TOKEN environment variable and stores its internal state in a dedicated local directory. It does not attempt to access sensitive system files, hardcode credentials, or exfiltrate private data.- [INDIRECT_PROMPT_INJECTION]: The skill ingests external market data which is subsequently processed by an LLM. This potential attack surface is mitigated by the producer script's internal logic, which parses and scores the data before it reaches the LLM, and by the strict output formatting rules defined in the runtime.yaml configuration.
Audit Metadata