The Agent Skills Directory

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt embeds a plaintext GDEX API key and repeatedly instructs placing the apiKey value directly into payloads/encryption (and even uses a literal fallback in examples), which forces an agent to handle or output the secret verbatim in requests or generated code — a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.70). These links are not direct executable downloads but reference an unknown GitHub repo, custom API domains and npm commands (npx/npm install) with prefilled keys and scripts — creating a moderate supply‑chain/remote code execution risk if you run or install them without auditing the code and package sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill actively ingests and acts on live, public token data from the open gdex API and WebSocket streams (e.g., sdk.tokens.getNewestTokens, sdk.tokens.getTrendingTokens, and sdk.connectWebSocketWithChain shown in SKILL.md and the scanner/pumpfun agent workflows), which are untrusted/user-generated sources and are used to drive autonomous trading/decision logic.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Secret detected (high risk: 1.00). I scanned the full skill prompt for literal, high-entropy credentials. I flagged the explicit GDEX API key string because it is a direct, literal value that looks like usable API credentials and is embedded as the default (pre-filled in .env.example and used as a fallback in createAuthenticatedSession()). Specifically:
GDEX_API_KEY=3f6c9e12-7b41-4c2a-9d5e-1a8f3b7e6c90,8d2a5f47-2e13-4b9c-a6f1-0c9e7d3a5b21 — two UUID-like high-entropy tokens, comma-separated, present verbatim.

Other items that might look like secrets but were ignored (with reasons):

0x01779499970726ff4C111dDF58A2CA6c366b0E20 — EVM wallet address (public identifier), not a secret.
Transaction hashes and Solana mint addresses (e.g., buy/sell tx hashes, pump.fun token addresses) — public on-chain data, not secrets.
Contract address 0xaf88d065e77c8cC2239327C5EDb3A432268e5831 (USDC) — public token contract address.
User-Agent strings, header values, and example numeric nonces — not secrets.
References to PRIVATE_KEY or session.tradingPrivateKey are environment variables or derived values; no literal private key value was present.

Conclusion: the only direct, high-entropy credential literal present is the GDEX_API_KEY string above and should be treated as a secret (remove/rotate and replace with a placeholder).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency trading SDK with built-in, specific functions and endpoints to move money and execute trades. It provides programmatic market and limit order functions (buyToken, sellToken, createLimitBuyOrder/createLimitSellOrder, session.sdk.trading.buy/sell), custodial wallet addresses for funding, deposit/withdraw endpoints, and HyperLiquid perpetual futures endpoints for depositing, opening leveraged positions, canceling orders, and closing positions (/v1/hl/deposit, /v1/hl/create_order, /v1/hl/cancel_order, hlPlaceOrder, hlCloseAll). It also includes copy-trading APIs and an autonomous multi-agent trading system that automatically places buys/sells. A shared API key and auto-generated wallets are provided, and the docs show exact payloads and signing flows (session.tradingPrivateKey) required to execute trades. All of the above are specific, explicit mechanisms to move funds and execute market orders — therefore this skill grants direct financial execution authority.

gdex-trading