Skills
skills/gmgnai/gmgn-skills/gmgn-market/Gen Agent Trust Hub

gmgn-market

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the gmgn-cli tool to perform market queries. It also executes various system commands including openssl for cryptographic key generation, mkdir/echo/chmod for managing configuration files, and ifconfig/ip for network troubleshooting.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the gmgn-cli package from the npm registry. This is an external dependency used to interface with the vendor's API.
  • [DATA_EXFILTRATION]: For diagnostic purposes, the skill instructs the agent to query https://ipv6.icanhazip.com. This operation exposes the environment's public IP address to an external service.
  • [PROMPT_INJECTION]: The skill processes untrusted token metadata (such as names, symbols, and social media links) retrieved from the GMGN API. This data is interpolated into the agent's response, creating a surface for indirect prompt injection.
  • Ingestion points: External market data (trending lists, trench tokens) retrieved via gmgn-cli.
  • Boundary markers: None explicitly defined in the processing instructions.
  • Capability inventory: Subprocess execution (gmgn-cli), network access, and file system modification.
  • Sanitization: No specific sanitization or validation of the retrieved metadata is implemented before output generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 01:07 PM