pangolin-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows established patterns for the Senpi platform, using the provided 'mcporter' CLI tool for all external interactions.
- [COMMAND_EXECUTION]: The script 'scripts/pangolin_config.py' invokes the 'mcporter' tool via 'subprocess.run'. The implementation is secure as it avoids shell execution and uses structured arguments, preventing command injection.
- [SAFE]: Usage of environment variables for wallet and strategy IDs is consistent with the platform's security model for managing trading credentials.
- [SAFE]: Regarding indirect prompt injection, the skill ingests untrusted market data (ingestion points: 'scripts/pangolin-scanner.py' lines 173, 185) with no boundary markers. Capabilities include position creation and order cancellation via the 'mcporter' tool. Sanitization is performed via explicit type casting of external values.
Audit Metadata