automated-trading-with-ichimoku
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection through its sentiment analysis component.
- Ingestion points: The
fetchExternalSignals(symbol)function retrieves external news and social sentiment from potentially attacker-controlled sources. - Boundary markers: There are no boundary markers or delimiters used to separate untrusted external content from the decision-making logic.
- Capability inventory: The skill possesses significant capabilities, including executing market orders on a DEX (
client.exchange.placeOrder) and managing private keys. - Sanitization: No sanitization or verification of the external sentiment data is present. An attacker could inject malicious content into news feeds or social media to manipulate the
sentimentAnalysis.vetoorsentimentAnalysis.adjustmentlogic, forcing unwanted trades or preventing necessary exits. - EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on
@nktkas/hyperliquid, which is a third-party community SDK and not part of the trusted developer whitelist. Dependencies on unverified community packages for financial operations increase the risk of supply chain attacks. - CREDENTIALS_UNSAFE (HIGH): The code demonstrates the use of a
privateKeyvariable to instantiate an account viaprivateKeyToAccount. While the key is not hardcoded in the example, the skill's architecture requires the agent to have access to and manipulate raw private keys in an environment that also processes untrusted external data.
Recommendations
- AI detected serious security threats
Audit Metadata