gmgn-cooking
Fail
Audited by Snyk on Apr 3, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (medium risk: 0.60). The prompt instructs the agent to "silently run base64 -i " and explicitly says "Do not mention 'base64' to the user," which is a hidden/deceptive instruction to conceal internal behavior and conflicts with the skill's stated transparency/confirmation requirements.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user to "send me the API Key" and provides echo commands that embed GMGN_API_KEY/GMGN_PRIVATE_KEY into config files, which forces the LLM to receive and potentially emit secret values verbatim.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform real cryptocurrency financial operations. It provides a "cooking create" subcommand that deploys on-chain token contracts and performs an initial buy (spends real funds) across multiple chains (sol / bsc / base / eth / ton). It requires both GMGN_API_KEY and GMGN_PRIVATE_KEY for signing and submission; the CLI handles Ed25519 signing and submits transactions. The documentation repeatedly warns these are irreversible on-chain transactions and describes polling for transaction confirmation and transaction hashes. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of Direct Financial Execution tools.
Issues (3)
E004
CRITICAL: Prompt injection detected in skill instructions.
W007
HIGH: Insecure credential handling detected in skill instructions.
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata