hyperliquid
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill ingests market data from external APIs which could theoretically be used for injection, though the risk is negligible.
- Ingestion points: Market charts from CoinGecko API and perpetuals data from Hyperliquid API.
- Boundary markers: None identified in script outputs.
- Capability inventory: Placing and cancelling trading orders via the exchange SDK.
- Sanitization: None; data is processed as numerical values and formatted strings.
- Data Exposure & Exfiltration (SAFE): The skill manages private keys securely using environment variables. There is no evidence of unauthorized data transmission to external domains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): All dependencies are standard and reputable (e.g., hyperliquid, ethers). No dynamic execution of remote code was found.
Audit Metadata