hyperliquid

Fail

Audited by Snyk on Feb 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill's examples and trading commands explicitly show embedding a private key via HYPERLIQUID_PRIVATE_KEY=0x... in CLI invocations (and require the private key for trades). This encourages placing the secret directly into commands and would cause an agent to include the secret verbatim in its outputs if the value were substituted, posing a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches and parses public market data from third-party APIs (e.g., CoinGecko in scripts/analyze-coingecko.mjs and Hyperliquid API via the SDK in scripts/analyze-market.mjs, scan-market.mjs, and hyperliquid.mjs), and uses that untrusted external data to generate trading analysis and recommendations that the agent reads and acts on, creating a path for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for the Hyperliquid perpetual futures exchange. It includes commands to place limit and market orders, cancel orders, and close positions, and it requires a private key environment variable (HYPERLIQUID_PRIVATE_KEY) for trading operations. Those capabilities constitute direct transaction execution on a crypto exchange (placing market/limit orders, using a wallet private key), not a generic tool. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" and "Market Orders" categories in the core rule, so it grants direct financial execution authority.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 18, 2026, 12:00 PM