thesis-fund-strategy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md installation instructions fetch the skill's scripts and configuration files from
https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/thesis-fund/. These are official vendor-controlled resources used to deploy the strategy. - [COMMAND_EXECUTION]: The skill instructions utilize standard shell utilities (
setsid,nohup,curl,npx) for installation and process management. These are used to run thethesis-producer.pyscript as a background daemon, which is typical for trading applications. - [DYNAMIC_EXECUTION]: The
scripts/thesis_config.pyscript dynamically resolves and adds thesenpi-trading-runtimepath tosys.path. This is a standard method within the platform's architecture to allow the skill to access required helper libraries provided by the runtime plugin. - [PROMPT_INJECTION]: The
runtime.yamlfile includes a decision prompt for an LLM that acts as a 'pass-through gate'. The prompt contains strict defensive instructions to honor the signal parameters (asset, direction, leverage) exactly as provided by the producer daemon, effectively preventing the model from deviating from the strategy's logic. - [DATA_EXPOSURE]: The skill uses environment variables (
SENPI_AUTH_TOKEN,THESIS_WALLET) for sensitive information. This follows security best practices by avoiding hardcoded credentials and relying on the host environment's secret management.
Audit Metadata