hyperliquid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs explicitly instruct the agent to fetch and subscribe to live public Hyperliquid/Dwellir endpoints (e.g., fetch('https://api.hyperliquid.xyz/info') in references/info-api.md and the WebSocket endpoints in references/native-api.md and references/orderbook-websocket.md), causing the agent to read untrusted public API/market data (user orders/trades) that the skill then uses to drive actions like trading, so external content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about a trading blockchain and related APIs and names the native exchange write endpoints. It documents placing, canceling, and modifying orders, references the Hyperliquid native exchange API (api.hyperliquid.xyz/exchange), EIP-712 signatures, and trading actions (perpetuals, spot, leverage, order placement). These are specific, purpose-built financial execution capabilities (market/order operations), not generic tooling, so it grants direct financial execution authority.