hedgehog-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md file contains shell commands to download scripts and configuration files from raw.githubusercontent.com/Senpi-ai/senpi-skills. These are official resources hosted by the skill vendor.
- [COMMAND_EXECUTION]: The skill requires manual execution of shell commands for installation and starts a background Python process (hedgehog-producer.py) to manage market analysis and signal generation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the LLM processes external market data and leaderboard signals to make trading decisions.
- Ingestion points: Data enters via the hedgehog_signals scanner in runtime.yaml.
- Boundary markers: The decision_prompt does not use specific delimiters or instructions to ignore instructions embedded in the signal data.
- Capability inventory: The skill possesses the capability to execute OPEN_POSITION trading actions.
- Sanitization: The signal data is passed to the LLM without evident sanitization or filtering.
Audit Metadata