gmgn-market

Fail

Audited by Snyk on May 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt instructs the user to generate an API key and explicitly "send me the API Key value shown on the page," which asks for secret exfiltration not required by the skill's stated local-CLI setup and therefore is a deceptive/out-of-scope instruction (prompt injection).

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to have the user "send me the API Key" and then shows a shell command that embeds that key verbatim into ~/.config/gmgn/.env, which requires the LLM to receive and output the secret value directly (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to run gmgn-cli commands (e.g., market trending / market trenches / market signal) against the GMGN API which returns token metadata and social links (website, twitter_username, telegram, logo, project fields) sourced from public launchpads and user-submitted project pages, and the SKILL.md workflow requires the agent to read and act on those results to drive analysis and recommendations.

Issues (3)

  • E004 CRITICAL: Prompt injection detected in skill instructions.
  • W007 HIGH: Insecure credential handling detected in skill instructions.
  • W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 19, 2026, 01:07 PM
Issues: 3