jackal-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted trader metadata (such as usernames and IDs) and interpolates them into an LLM decision prompt.
      • Ingestion points: The runtime.yaml file (line 123) interpolates the {{signal_jackal_signals}} payload into the decision_prompt used by the jackal_entry action.
      • Boundary markers: The prompt uses structured sections (e.g., "SIGNAL:") but lacks explicit negative constraints or delimiters to prevent the LLM from following instructions embedded within trader-supplied strings like sourceTraderUsername.
      • Capability inventory: The LLM's decision directly triggers the OPEN_POSITION action, which has financial implications (opening leveraged trades on Hyperliquid).
      • Sanitization: The scripts/jackal-producer.py script fetches data from the discovery_get_trader_state MCP tool and includes it in the signal payload without escaping or sanitizing string fields.
  • [EXTERNAL_DOWNLOADS]: The skill's deployment instructions guide the user to download and execute scripts from a remote repository.
      • Evidence: SKILL.md contains curl commands fetching Python scripts and configuration files from https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/jackal/.
      • Context: These resources belong to the skill's verified author (Senpi-ai) and are necessary for the skill's operation.
  • [COMMAND_EXECUTION]: The skill performs shell command execution to interact with required platform binaries.
      • Evidence: scripts/jackal_config.py and scripts/jackal-producer.py utilize subprocess.run to call the mcporter and openclaw CLI tools.
      • Context: Commands are constructed using list-based arguments without shell=True, reducing the risk of command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 05:44 AM