hedgehog-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file contains shell commands to download scripts and configuration files from raw.githubusercontent.com/Senpi-ai/senpi-skills. These are official resources hosted by the skill vendor.
  • [COMMAND_EXECUTION]: The skill requires manual execution of shell commands for installation and starts a background Python process (hedgehog-producer.py) to manage market analysis and signal generation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the LLM processes external market data and leaderboard signals to make trading decisions.
  • Ingestion points: Data enters via the hedgehog_signals scanner in runtime.yaml.
  • Boundary markers: The decision_prompt does not use specific delimiters or instructions to ignore instructions embedded in the signal data.
  • Capability inventory: The skill possesses the capability to execute OPEN_POSITION trading actions.
  • Sanitization: The signal data is passed to the LLM without evident sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — hedgehog-strategy