@1363/copy-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls the public Hyperliquid API (https://api.hyperliquid.xyz/info) in scripts/copy_engine.py and orchestrator.py to fetch target wallet positions (untrusted user-generated wallet data) which the agent directly reads and uses to compute and emit hl_order/hl_leverage commands, so third-party content can materially change the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading automation tool for Hyperliquid: it mirrors wallets, generates and executes trade commands (examples show JSON commands calling "hl_order" and "hl_leverage"), verifies fills with hl_account(), and schedules recurring orchestrator runs that place orders and change leverage. This is a specific crypto trading/execution capability (wallet addresses, order placement, leverage control, execution history/state), not a generic tool. Therefore it grants direct financial execution authority.