openfin-hyperliquid

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill incorporates a 'Safety Contract' that enforces strict rules for high-risk operations, requiring the agent to display trade details and obtain explicit user confirmation for all orders, leverage changes, and withdrawals.
  • [SAFE]: Use of external endpoints is limited to the official and well-known Hyperliquid API (api.hyperliquid.xyz) and WebSocket (wss://api.hyperliquid.xyz/ws), which are necessary for the skill's stated purpose of DEX trading.
  • [SAFE]: The skill includes specific defensive instructions to mitigate indirect prompt injection risks, warning the agent to verify asset identifiers and pricing through official market metadata tools rather than relying on unverified external content.
  • [SAFE]: Financial safety is enhanced by hardcoded withdrawal logic that restricts transfers to the user's own Arbitrum address, preventing funds from being sent to unauthorized third-party wallets.
  • [SAFE]: Autonomous account 'unification' is performed only for essential platform functionality (upgrading the margin pool model), is idempotent, and requires a mandatory notification to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 11:31 PM