senpi-getting-started-guide

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash commands (mkdir, cat, node) to initialize and maintain an internal state file at ~/.config/senpi/state.json which tracks the user's progress through the tutorial.
  • [EXTERNAL_DOWNLOADS]: The skill provides installation instructions that fetch markdown files from the author's official GitHub repository (github.com/Senpi-ai/senpi-skills). These are documented as safe vendor resources.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its dependency on external data from the trading platform to provide recommendations.
      • Ingestion points: Market activity and trader conviction data are fetched from external APIs via MCP tools in references/discovery-guide.md.
      • Boundary markers: No explicit delimiters or instructions are used to separate external trader data from the agent's instructions when displaying the opportunities table.
      • Capability inventory: The skill has access to tools for opening and closing financial positions through the connected MCP server.
      • Sanitization: The skill does not describe any specific validation or filtering of external data fields (such as trader names or asset metadata) before they are incorporated into the prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 07:23 PM