magpie-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions in
README.mddescribe fetching scripts, configuration files, and runtime definitions from the author's official GitHub repository (github.com/Senpi-ai/senpi-skills). This is the intended distribution method for this vendor's skills. - [COMMAND_EXECUTION]: The
README.mdprovides shell commands for the user to initialize the workspace and launch the trading daemons usingsetsidandnohup. These commands are intended for manual setup by the operator to ensure the background processes persist across sessions. - [DATA_EXPOSURE]: The skill utilizes environment variables (e.g.,
SENPI_AUTH_TOKEN,MAGPIE_PRE_LISTING_WALLET) to manage sensitive credentials and wallet addresses. This follows standard security practices by avoiding hardcoded secrets and relying on the host environment's secret management. - [PROMPT_INJECTION]: The
SKILL.mdand runtime YAML files include strict 'Hard rules' and 'STRICT OUTPUT RULES' that define the agent's behavior. These instructions explicitly prohibit the agent from calling execution tools during user-conversation sessions, serving as a mitigation against accidental or malicious trade execution via chat interface.
Audit Metadata