Skills
skills/hlnames/use-hln-api-skill/use-hln-api/Gen Agent Trust Hub

use-hln-api

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions in SKILL.md contain a hardcoded public agent API key (NILB2EY-R4LUDOA-WN5G5JQ-KHAQOLA) intended as a fallback for users who do not provide their own credentials for the Hyperliquid Names API.
  • [COMMAND_EXECUTION]: The repository contains shell scripts, specifically runner/run.sh and scripts/sync-codex-skill.sh, used for managing file synchronization between deployment environments and executing local evaluation benchmarks.
  • [PROMPT_INJECTION]: The skill processes data from external API responses that contain user-generated content (e.g., text records, bios, and avatars). This creates a surface for indirect prompt injection where malicious metadata could influence the agent's behavior.
  • Ingestion points: Data retrieved from https://api.hlnames.xyz/ through endpoints like /records/full_record/:nameHashOrId and /resolve/profile/:address.
  • Boundary markers: The instructions do not define specific delimiters or warnings to isolate processed API data from the agent's core instructions.
  • Capability inventory: The skill is authorized to perform network requests to vendor-controlled domains using HTTP methods.
  • Sanitization: While the skill provides rules for normalizing input identifiers (e.g., ensuring .hl suffixes), there is no explicit sanitization or filtering logic applied to the content of returned metadata fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 05:26 AM