raccoon-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation instructions in
README.mddownload Python scripts (raccoon-producer.py,raccoon_config.py), configuration files, and metadata from the vendor's official GitHub repository (Senpi-ai/senpi-skills). This is a standard deployment mechanism for the vendor's trading tools. - [COMMAND_EXECUTION]: The strategy operates by executing a background Python process (
raccoon-producer.py) which acts as a monitoring daemon. It uses thenohupcommand to maintain persistence across sessions and periodically triggers strategy logic to evaluate market conditions. - [DATA_EXFILTRATION]: The skill retrieves sensitive financial information, including account equity and active positions, via MCP tools (
strategy_get_clearinghouse_state) and transmits trading signals (including position size and direction) to the Senpi runtime for execution. These operations are required for the skill's primary function and are conducted within the vendor's infrastructure. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in
runtime.yamlwhere market signals are processed by an LLM to make final trade decisions. - Ingestion points: Market data, technical indicators, and Smart Money leaderboard statistics are interpolated into the decision prompt via the
{{signal_raccoon_signals}}variable. - Boundary markers: The prompt lacks explicit delimiters or instructions to ignore potential commands within the interpolated data, relying instead on the structured nature of the input.
- Capability inventory: The skill has the authority to execute the
OPEN_POSITIONaction on the user's trading account. - Sanitization: The producer script provides basic validation by enforcing a JSON schema, though it does not explicitly sanitize free-text fields that could originate from external market data sources.
Audit Metadata