aicoin-hyperliquid
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). Yes — the skill makes live calls to the third‑party AiCoin/Hyperliquid APIs (see lib/aicoin-api.mjs and scripts/hl-.mjs calling /api/upgrade/v2/hl/ and /api/upgrade/v2/hl/info) and explicitly propagates upstream textual fields such as msg/实测结论/付费提示 into agent responses, so untrusted external API content is read and can materially influence agent behavior.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata