The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The displayWalletInfo function in src/wallet.ts logs generated private keys directly to the standard output in plaintext. In an AI agent environment, these logs are often captured in chat histories or logging systems, creating a significant exposure risk for user funds.
[CREDENTIALS_UNSAFE]: A 'shared' API key is hardcoded in src/config.ts, README.md, and SKILL.md. While the documentation claims this is for public use, hardcoding credentials into skill files is a discouraged practice that bypasses secure configuration management.
[COMMAND_EXECUTION]: The src/pumpfun-alpha.ts orchestrator script dynamically spawns six parallel child processes using the spawn method to run sub-agents. This increases the complexity of the execution environment and allows the skill to manage multiple independent execution threads on the host system.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via malicious token data.
Ingestion points: The scanner in src/pumpfun-scanner.ts fetches token names, symbols, and metadata from the GDEX API and WebSocket feeds.
Boundary markers: Untrusted metadata is processed and displayed without the use of delimiters or instructions to ignore embedded commands.
Capability inventory: The skill has powerful capabilities to perform financial transactions (buy/sell) across Solana and various EVM chains via src/trading.ts.
Sanitization: Metadata from third-party tokens is not sanitized before being used in logic or displayed, allowing attackers to potentially embed instructions in token symbols or names that could influence agent behavior.
[EXTERNAL_DOWNLOADS]: The project relies on unpinned dependencies, specifically a direct GitHub URL for @gdex/sdk and the 'latest' version tag for gdex.pro-sdk. This makes the build process unverifiable and susceptible to breaking changes or upstream supply chain attacks.

gdex-trading