hummingbird-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README instructs the user to download strategy files and the senpi-trading-runtime dependency from the author's official GitHub repository (Senpi-ai/senpi-skills).
  • [COMMAND_EXECUTION]: The skill documentation includes standard shell commands for installation using npx and execution of the producer daemon via python3. These are transparent and necessary for the skill's operation.
  • [DATA_EXPOSURE]: The strategy accesses the SENPI_AUTH_TOKEN environment variable for API authentication and maintains a local cache of recent signals in a JSON file to prevent redundant trades. This is standard practice for secure secret handling and state management.
  • [PROMPT_INJECTION]: The runtime configuration includes a prompt for the LLM that specifies strict rules and validation conditions for opening positions. These instructions act as functional guardrails and do not attempt to bypass platform safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — hummingbird-strategy