hyperliquid
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The
hl_withdrawtool allows the agent to transfer USDC from the Hyperliquid bridge to any specified Arbitrum wallet address. This capability represents a significant asset exfiltration risk if the agent's decision-making process is manipulated by a malicious actor. - [PROMPT_INJECTION]: The
SKILL.mdfile contains 'Agent Behavior Guidelines' that explicitly instruct the agent to 'ALWAYS' perform actions like setting leverage, placing orders, and verifying fills automatically without asking the user for confirmation. This autonomous execution pattern significantly amplifies the impact of potential prompt injection attacks, as the agent may commit to financial transactions without a human-in-the-loop review. - [COMMAND_EXECUTION]: The skill interacts with an internal wallet service via a private
_wallet_requestfunction to perform high-privilege operations, including EIP-712 signing of trade actions and executing on-chain ERC-20 transfers for deposits. These requests to the wallet API grant the skill direct control over the agent's cryptographic signatures and underlying financial assets.
Audit Metadata