aicoin-hyperliquid
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes hardcoded public API credentials for the AiCoin free tier within lib/defaults.json. These are provided by the vendor for trial purposes and do not expose private user information.
- [SAFE]: A configuration loader in lib/aicoin-api.mjs reads .env files from predefined local workspace paths to authenticate requests. This is a standard and documented mechanism for managing API keys.
- [SAFE]: All network operations target the official vendor domain (open.aicoin.com) for the purpose of retrieving market data as described in the skill documentation.
- [SAFE]: While the skill processes external data from API responses, it lacks the execution capabilities (such as eval, exec, or filesystem writing) that would be required to exploit the agent via indirect prompt injection.
Audit Metadata