mongoose-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions direct users to fetch the "senpi-trading-runtime" plugin and multiple strategy-specific Python and configuration files from the "Senpi-ai" GitHub organization.
  • [COMMAND_EXECUTION]: The README provides shell commands for users to manually configure the environment and launch the strategy producer scripts as background daemons using "python3" with "setsid" and "nohup" for persistence.
  • [PROMPT_INJECTION]: The runtime configuration files ("runtime-long.yaml" and "runtime-short.yaml") interpolate data from external market scanners into LLM prompts to facilitate automated trading decisions.
  • Ingestion points: Signal data provided by the "mongoose_long_signals" and "mongoose_short_signals" scanners in the runtime YAML files.
  • Boundary markers: Absent. The prompt logic does not use delimiters or explicit "ignore embedded instructions" warnings to separate instructional text from the interpolated signal data.
  • Capability inventory: The LLM is authorized to execute the "OPEN_POSITION" action and define order parameters (asset, direction, leverage, margin) based on the ingested signals.
  • Sanitization: There is no evidence of explicit sanitization, escaping, or schema validation of the scanner output before it is interpolated into the decision prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — mongoose-strategy