wolf-howl
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a sub-agent workflow that processes external and historical trade data. This creates a surface for indirect prompt injection where data ingested from external APIs or logs could attempt to influence the agent's analysis or reporting behavior.
- Ingestion points: Data enters the context through 'memory/' logs, local DSL state JSON files, and trade history queried from the Senpi MCP connection via 'mcporter'.
- Boundary markers: The sub-agent instructions in 'references/analysis-prompt.md' do not define clear delimiters or separators to isolate untrusted trade data from the core analysis instructions.
- Capability inventory: The sub-agent is capable of reading workspace files, writing new report files to the filesystem, and sending messages to a user-provided Telegram chat ID.
- Sanitization: The skill does not perform explicit sanitization or structural validation on the external trade data before it is interpolated into the analysis prompt.
Audit Metadata