jackal-tracker
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts
jackal-producer.pyandjackal_config.py(both in the current scripts directory and legacy-v1) usesubprocess.runto execute platform-provided CLI tools. Specifically, they callmcporterto communicate with the Model Context Protocol (MCP) andopenclawto ingest signals into the external scanner system. These commands are constructed using internal logic and environment variables such asSTRATEGY_ADDRESSandOPENCLAW_BIN, representing legitimate integration with the Senpi platform architecture. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
- Ingestion points: Data is ingested in
scripts/jackal-producer.pyusing thediscovery_get_trader_stateandmarket_get_asset_dataMCP tools, which fetch current positions and market context from other traders. - Boundary markers: The signal data is interpolated into the LLM decision prompt in
runtime.yamlvia the{{signal_jackal_signals}}placeholder. - Capability inventory: The skill has the capability to open market positions via the
jackal_entryaction (OPEN_POSITION type) and performs CLI operations viasubprocess.runin the producer scripts. - Sanitization: The skill implements mitigation through its
decision_promptinruntime.yaml, which includes 'STRICT OUTPUT RULES' and 'HARD SKIP CONDITIONS'. These rules force the model to validate specific numeric values from the signal and reject the trade if data is missing or contradictory (e.g., 'UNKNOWN' TA trends or mismatched funding regimes).
Audit Metadata