turbine-strategy
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads strategy scripts and configuration files from the vendor's official GitHub repository (
github.com/Senpi-ai/senpi-skills). This is a documented part of the installation process and originates from a trusted source. - [COMMAND_EXECUTION]: The strategy utilizes shell commands for environment setup and runtime management, including execution of the producer daemon via Python and configuration via the
openclawCLI. - [DATA_EXFILTRATION]: Authenticated communication is performed using the
SENPI_AUTH_TOKEN. The skill routes these calls to local MCP services and established Senpi infrastructure; no unauthorized data transmission was observed. - [PROMPT_INJECTION]: Evaluated the indirect prompt injection surface associated with processing external market data for LLM-based trade decisions. • Ingestion points: Market data queries in
scripts/turbine-producer.py. • Boundary markers: Defined inruntime-volume.yamlandruntime-runners.yamltemplates. • Capability inventory: Trading operations such asOPEN_POSITIONandcancel_order. • Sanitization: LLM prompts include explicit logic to validate signals before execution.
Audit Metadata