hyperliquid
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (LOW): The skill exposes a surface for Indirect Prompt Injection through the processing of untrusted external data.
- Ingestion points: Market data, orderbook depth, and funding statistics ingested via commands like
/hl stats,/hl price, and/hl book(SKILL.md). - Boundary markers: Absent; the documentation provides no delimiters or instructions to ignore embedded commands in the data feeds.
- Capability inventory: Possesses significant financial capabilities including asset transfers (
/hl transfer send), withdrawals, and automated trading (SKILL.md). - Sanitization: No input validation or sanitization of external data is specified.
- DATA_EXFILTRATION (LOW): The skill enables high-impact financial operations such as
/hl transfer sendto arbitrary external addresses and communicates with non-whitelisted endpoints (hyperliquid.xyz). While appropriate for a DEX, these capabilities increase the potential impact of a prompt injection attack. - CREDENTIALS_UNSAFE (LOW): The configuration guide requires users to export
HYPERLIQUID_PRIVATE_KEYto the environment. Although the documentation uses placeholders, providing a master private key to an AI agent environment is a high-risk design pattern that facilitates total wallet compromise if the agent's session is hijacked.
Audit Metadata