coinpilot-hyperliquid-copy-trade
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches data from public third-party APIs (Coinpilot endpoints shown in references/coinpilot-api.md and invoked in scripts/coinpilot_cli.mjs via requestCoinpilot, and Hyperliquid /info calls from references/hyperliquid-api.md) to obtain lead-wallet metrics and portfolio info which the agent is required to read and act on (e.g., pick leads and start/stop copy trades), so untrusted/user-sourced content can materially influence automated trading decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain trading operations. It requires wallet private keys (primary and follower), sets auth headers like x-wallet-private-key, and documents specific write endpoints and payloads that perform state-changing financial actions (e.g., POST /experimental/:wallet/subscriptions/start with primaryWalletPrivateKey and followerWalletPrivateKey, POST /users/:userId/subscriptions/:subscriptionId/close, stop, renew-api-wallet, adjust subscription config). It also enforces allocations, checks balances, and can close positions — all concrete mechanisms to move funds and execute trades. This is direct crypto/financial execution capability.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).