turbine-strategy

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads strategy scripts and configuration files from the vendor's official GitHub repository (github.com/Senpi-ai/senpi-skills). This is a documented part of the installation process and originates from a trusted source.
  • [COMMAND_EXECUTION]: The strategy utilizes shell commands for environment setup and runtime management, including execution of the producer daemon via Python and configuration via the openclaw CLI.
  • [DATA_EXFILTRATION]: Authenticated communication is performed using the SENPI_AUTH_TOKEN. The skill routes these calls to local MCP services and established Senpi infrastructure; no unauthorized data transmission was observed.
  • [PROMPT_INJECTION]: Evaluated the indirect prompt injection surface associated with processing external market data for LLM-based trade decisions. • Ingestion points: Market data queries in scripts/turbine-producer.py. • Boundary markers: Defined in runtime-volume.yaml and runtime-runners.yaml templates. • Capability inventory: Trading operations such as OPEN_POSITION and cancel_order. • Sanitization: LLM prompts include explicit logic to validate signals before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:52 AM
Security Audit — agent-trust-hub — turbine-strategy