coinpilot-hyperliquid-copy-trade
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires users to maintain a local file named coinpilot.json that stores high-sensitivity secrets in plaintext, including the Coinpilot API key, a Privy user ID, and up to ten wallet private keys.
- [DATA_EXFILTRATION]: The Node.js execution script (scripts/coinpilot_cli.mjs) transmits unencrypted wallet private keys and API credentials to the remote domain api.coinpilot.bot via HTTP headers (x-wallet-private-key) and request body parameters (primaryWalletPrivateKey, followerWalletPrivateKey). This behavior exposes the user's full wallet control to the vendor's infrastructure and any potential network intermediaries.
- [COMMAND_EXECUTION]: The skill uses the system's node binary to run a local JavaScript file (scripts/coinpilot_cli.mjs) which contains the core logic for authentication, API interaction, and trading execution.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing untrusted data from external lead wallet metrics and category rankings.
  - Ingestion points: Data returned from the Coinpilot API via endpoints like /lead-wallets/metrics/wallets/:wallet and /lead-wallets/metrics/categories/:category is ingested and presented to the agent.
  - Boundary markers: The skill instructions do not define specific delimiters or security boundaries to isolate external API data from the agent's internal logic.
  - Capability inventory: The agent has the capability to execute shell commands (via node), read local configuration files, and perform financial transactions (trading) based on processed data.
  - Sanitization: There is no evidence of sanitization or structural validation to prevent malicious instructions embedded in lead wallet metadata or metrics from influencing the agent's behavior.
Recommendations
- AI detected serious security threats
Audit Metadata