jackal-tracker

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts jackal-producer.py and jackal_config.py (both in the current scripts directory and legacy-v1) use subprocess.run to execute platform-provided CLI tools. Specifically, they call mcporter to communicate with the Model Context Protocol (MCP) and openclaw to ingest signals into the external scanner system. These commands are constructed using internal logic and environment variables such as STRATEGY_ADDRESS and OPENCLAW_BIN, representing legitimate integration with the Senpi platform architecture.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
  • Ingestion points: Data is ingested in scripts/jackal-producer.py using the discovery_get_trader_state and market_get_asset_data MCP tools, which fetch current positions and market context from other traders.
  • Boundary markers: The signal data is interpolated into the LLM decision prompt in runtime.yaml via the {{signal_jackal_signals}} placeholder.
  • Capability inventory: The skill has the capability to open market positions via the jackal_entry action (OPEN_POSITION type) and performs CLI operations via subprocess.run in the producer scripts.
  • Sanitization: The skill implements mitigation through its decision_prompt in runtime.yaml, which includes 'STRICT OUTPUT RULES' and 'HARD SKIP CONDITIONS'. These rules force the model to validate specific numeric values from the signal and reject the trade if data is missing or contradictory (e.g., 'UNKNOWN' TA trends or mismatched funding regimes).
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:51 AM
Security Audit — agent-trust-hub — jackal-tracker