hyperliquid

Warn

Audited by Snyk on Feb 23, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and subscribe to public, third‑party Hyperliquid/Dwellir endpoints (e.g., POSTs to https://api.hyperliquid.xyz/info, Dwellir orderbook WSS at wss://api-hyperliquid-mainnet-orderbook.n.dwellir.com/{API_KEY}/ws, and the native WS at wss://api.hyperliquid.xyz/ws) and to parse that live market/user data and act on it (market‑making and order placement examples), which exposes the agent to untrusted external content that can materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly targets a trading blockchain (Hyperliquid/HyperEVM) and documents native write operations for trading and transfers. It references placing, cancelling, and modifying orders, transfers, and the native exchange endpoint (api.hyperliquid.xyz/exchange) which require EIP-712 signatures. Those are specific market/asset execution capabilities (order placement, cancellations, transfers, signing) rather than generic read-only tools. Therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 04:28 PM