magpie-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions in README.md describe fetching scripts, configuration files, and runtime definitions from the author's official GitHub repository (github.com/Senpi-ai/senpi-skills). This is the intended distribution method for this vendor's skills.
  • [COMMAND_EXECUTION]: The README.md provides shell commands for the user to initialize the workspace and launch the trading daemons using setsid and nohup. These commands are intended for manual setup by the operator to ensure the background processes persist across sessions.
  • [DATA_EXPOSURE]: The skill utilizes environment variables (e.g., SENPI_AUTH_TOKEN, MAGPIE_PRE_LISTING_WALLET) to manage sensitive credentials and wallet addresses. This follows standard security practices by avoiding hardcoded secrets and relying on the host environment's secret management.
  • [PROMPT_INJECTION]: The SKILL.md and runtime YAML files include strict 'Hard rules' and 'STRICT OUTPUT RULES' that define the agent's behavior. These instructions explicitly prohibit the agent from calling execution tools during user-conversation sessions, serving as a mitigation against accidental or malicious trade execution via chat interface.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — magpie-strategy