Skills
skills/starchild-ai-agent/community-skills/@1363/copy-trade/Gen Agent Trust Hub

@1363/copy-trade

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the requests library from the public PyPI registry if it is not found during execution.
  • [COMMAND_EXECUTION]: The scripts/copy_engine.py file uses os.system() to execute shell commands for package installation.
  • [PROMPT_INJECTION]: The skill processes external data from the Hyperliquid API to generate and execute trading commands, creating a surface for indirect injection.
  • Ingestion points: Fetches wallet positions and account state from https://api.hyperliquid.xyz/info in scripts/copy_engine.py.
  • Boundary markers: Absent; the skill relies on the structure of the JSON response from the API.
  • Capability inventory: The orchestrator script (scripts/orchestrator.py) generates parameters for sensitive trading tools including hl_order and hl_leverage.
  • Sanitization: External data values are cast to numeric types (float and int) and rounded before being incorporated into tool commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 02:17 PM
Security Audit — agent-trust-hub — @1363/copy-trade