osprey-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation instructions (README.md) use curl to fetch multiple Python scripts and configuration files from the vendor's GitHub repository (raw.githubusercontent.com/Senpi-ai/senpi-skills). This is a standard distribution method for this vendor's tools.
  • [COMMAND_EXECUTION]: The skill uses dynamic execution and path resolution in several ways:
  • scripts/osprey_config.py dynamically resolves the path to the senpi-trading-runtime directory and inserts it into sys.path to load dependencies.
  • tests/test_signal.py uses importlib.util to dynamically load and execute the producer script for testing purposes.
  • The installation guide involves npx skills add and running a long-lived Python daemon via nohup.
  • [PROMPT_INJECTION]: The runtime.yaml file contains a decision prompt for the LLM gate that instructs the agent to 'Honor the signal' and 'You are Osprey's pass-through gate.' While this steers agent behavior to ensure the strategy executes, it is a standard design for signal-following trading agents on this platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — osprey-strategy