komodo-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the Senpi platform using the `mcporter` CLI utility. In `scripts/komodo_config.py`, the `mcporter_call` function utilizes `subprocess.run` with an argument list, which is a secure practice that prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The configuration and documentation reference external URLs hosted on `github.com/Senpi-ai`. As `Senpi-ai` is the skill's authoring organization and is recognized as a trusted vendor, these references are considered safe and represent standard project documentation.
- [SAFE]: Data handling is restricted to the skill's local workspace. It reads from and writes to the `config/` and `state/` directories to maintain strategy settings and trade counters. No access to sensitive system files or credentials was detected.
- [SAFE]: The strategy logic involves processing structured numerical data from momentum events. It does not perform any prompt interpolation of untrusted text that would present a risk of indirect prompt injection.
Audit Metadata