Skills
skills/starchild-ai-agent/community-skills/@1247/vampire-attack-hl/Snyk

@1247/vampire-attack-hl

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's analyzer script (skills/vampire-attack-hl/scripts/analyze_hl_wallet.py) POSTs to the public API at https://api.hyperliquid.xyz/info to fetch fills and 1m candles, and SKILL.md explicitly requires running that script and ingesting its JSON/markdown outputs which directly drive the agent's cost calculations and migration pitch, so external (untrusted) API content can materially influence decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 18, 2026, 01:50 PM
Issues
1