@1391/hl-copy-trader

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly reads public Hyperliquid account data for a user-supplied target address (via HyperliquidClient.get_account_state, get_open_orders and _info calls to the HL info API referenced in references/api.md and scripts/setup.py, scripts/sync.py, weekly_report.py) and uses that untrusted, user-generated state to decide and execute trading actions (place/cancel/adjust orders), so third-party content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading automation: it deposits to Hyperliquid, signs and cancels orders, opens/closes positions, sets leverage, and uses a HyperliquidClient and a required wallet-policy for order signing. Those are specific blockchain/crypto wallet and trading actions (placing transactions/orders and managing funds), not generic browsing or HTTP calls. This meets the "Direct Financial Execution" criteria.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 11, 2026, 02:14 PM
Issues: 2