openfin-hyperliquid
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a 'Safety Contract' that mandates explicit user confirmation before executing any state-changing operations, such as placing or modifying orders, updating leverage, or initiating withdrawals.
- [SAFE]: Provides protection against indirect prompt injection by directing the agent to ignore asset symbols or prices from untrusted sources and instead verify them via official Hyperliquid metadata endpoints.
- [SAFE]: External network interactions are restricted to the official and well-known Hyperliquid exchange API and WebSocket domains.
- [SAFE]: The skill documentation follows best practices for secret management, referencing the 'openfin-setup' prerequisite for credential handling rather than hardcoding sensitive information.
Audit Metadata