llm-trading-agent-security

Autonomous trading agents have a harsher threat model than normal LLM apps: an injection or bad tool path can turn directly into asset loss. Layer the defenses. No single check is enough. Treat prompt hygiene, spend policy, simulation, execution limits, and wallet isolation as independent controls. Do not blindly inject token names, pair labels, webhooks, or social feeds into an execution-capable prompt. Use a dedicated hot wallet with only the required session funds. Never point the agent at a primary treasury wallet. - Building an AI agent that signs and sends transactions - Auditing a trading bot or on-chain execution assistant - Designing wallet key management for an agent - Giving an LLM access to order placement, swaps, or treasury operations - External data is sanitized before entering the LLM context - Spend limits are enforced independently from model output - Transactions are simulated before send - min_amount_out is mandatory - Circuit breakers halt on drawdown or invalid state - Keys come from env or a secret manager, never code or logs - Private mempool or protected routing is used when appropriate - Slippage and deadlines are set per strategy - All agent decisions are audit-logged, not just successful sends