grimoire-hyperliquid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows the agent querying live Hyperliquid market endpoints (e.g., the "grimoire venue hyperliquid mids", "l2-book", "open-orders", "meta" commands and snapshot/--format spell outputs), which are public third‑party data the agent consumes and that feed decision-making and spell/order actions, so untrusted external content could influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides stateful, financial actions: a withdraw command that requires a private key/keystore and explicit confirmation, and a documented "order" spell/action for placing market orders (parameters: coin, price, size, side, order_type). Both are direct crypto financial operations (withdrawals and order placement), not generic tooling. Therefore it grants direct financial execution authority.