mongoose-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions direct users to fetch the "senpi-trading-runtime" plugin and multiple strategy-specific Python and configuration files from the "Senpi-ai" GitHub organization.
- [COMMAND_EXECUTION]: The README provides shell commands for users to manually configure the environment and launch the strategy producer scripts as background daemons using "python3" with "setsid" and "nohup" for persistence.
- [PROMPT_INJECTION]: The runtime configuration files ("runtime-long.yaml" and "runtime-short.yaml") interpolate data from external market scanners into LLM prompts to facilitate automated trading decisions.
- Ingestion points: Signal data provided by the "mongoose_long_signals" and "mongoose_short_signals" scanners in the runtime YAML files.
- Boundary markers: Absent. The prompt logic does not use delimiters or explicit "ignore embedded instructions" warnings to separate instructional text from the interpolated signal data.
- Capability inventory: The LLM is authorized to execute the "OPEN_POSITION" action and define order parameters (asset, direction, leverage, margin) based on the ingested signals.
- Sanitization: There is no evidence of explicit sanitization, escaping, or schema validation of the scanner output before it is interpolated into the decision prompt.
Audit Metadata