hyperliquid
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in
SKILL.mddefine an autonomous workflow for the agent, directing it to 'ALWAYS do these automatically (never ask the user)' regarding balance checks and trade verification. This is a design choice for a specialized trading agent and does not attempt to bypass safety filters or extract system prompts. - [DATA_EXFILTRATION]: The skill performs network operations to
api.hyperliquid.xyz(the official Hyperliquid exchange API) andwallet-service-dev.fly.dev(the vendor's wallet service). These communications are essential for retrieving market data and signing transaction payloads, and they target well-known or vendor-controlled infrastructure. - [COMMAND_EXECUTION]: The skill does not perform any shell command execution or utilize unsafe system-level calls. All operations are conducted via structured HTTP requests to known APIs.
- [SAFE]: The skill processes market data and account status from the Hyperliquid API. While this constitutes an external data ingestion surface, the risk of indirect prompt injection is minimal due to the structured numerical nature of the financial data received.
Audit Metadata