The Agent Skills Directory

Indirect Prompt Injection (SAFE): The skill processes data from external URLs, which theoretically presents a surface for indirect prompt injection. However, the risk is categorized as SAFE because the skill lacks any capabilities (such as code execution, file system access, or credential usage) that could be exploited by injected instructions. Evidence: (1) Ingestion points: multiple Gitbook URLs defined in SKILL.md; (2) Boundary markers: absent; (3) Capability inventory: limited to WebFetch and Read tools; (4) Sanitization: absent.
External Downloads (SAFE): The skill fetches content from hyperliquid.gitbook.io. This is the official documentation platform for the protocol and is used strictly for information retrieval.

hyperliquid-api-docs