barracuda-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/barracuda_config.pyutilizessubprocess.runto invoke themcporterCLI tool. This is a standard architectural pattern for the platform to retrieve market data and account information. The command arguments are strictly controlled and data is safely serialized using JSON. - [DATA_EXPOSURE]: The skill accesses sensitive financial data including account values and open positions via the
mcportertool. This data is processed locally within the workspace to calculate trade parameters and is not exfiltrated to any external domains. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from market leaderboards and price feeds via
mcportercalls inscripts/barracuda-scanner.py. Although this constitutes an external data ingestion surface, the risk is mitigated as the skill processes this data numerically for technical analysis (SMA, RSI) and does not interpret it as instructions. - [SAFE]: All external URLs and package references trace back to the official vendor infrastructure (
senpi.aiandgithub.com/Senpi-ai). The logic is transparent and matches the stated purpose of a funding-rate focused trading strategy.
Audit Metadata