thesis-fund-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md installation instructions fetch the skill's scripts and configuration files from https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/thesis-fund/. These are official vendor-controlled resources used to deploy the strategy.
  • [COMMAND_EXECUTION]: The skill instructions utilize standard shell utilities (setsid, nohup, curl, npx) for installation and process management. These are used to run the thesis-producer.py script as a background daemon, which is typical for trading applications.
  • [DYNAMIC_EXECUTION]: The scripts/thesis_config.py script dynamically resolves and adds the senpi-trading-runtime path to sys.path. This is a standard method within the platform's architecture to allow the skill to access required helper libraries provided by the runtime plugin.
  • [PROMPT_INJECTION]: The runtime.yaml file includes a decision prompt for an LLM that acts as a 'pass-through gate'. The prompt contains strict defensive instructions to honor the signal parameters (asset, direction, leverage) exactly as provided by the producer daemon, effectively preventing the model from deviating from the strategy's logic.
  • [DATA_EXPOSURE]: The skill uses environment variables (SENPI_AUTH_TOKEN, THESIS_WALLET) for sensitive information. This follows security best practices by avoiding hardcoded credentials and relying on the host environment's secret management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 08:48 PM
Security Audit — agent-trust-hub — thesis-fund-strategy