gmgn-swap
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx gmgn-clito download and execute the official GMGN command-line interface from the npm registry. This is an expected behavior for a tool provided by the vendor. - [COMMAND_EXECUTION]: Executes shell commands to perform swaps and check order status. The skill implements safety measures by requiring explicit user confirmation before executing trade commands.
- [CREDENTIALS_UNSAFE]: Relies on
GMGN_API_KEYandGMGN_PRIVATE_KEYstored in environment variables. The instructions explicitly direct the agent to never log or expose these sensitive credentials. - [PROMPT_INJECTION]: The skill processes user-supplied token addresses and amounts. It provides clear guidelines for validating these inputs against specific blockchain address formats to prevent errors or exploitation.
Audit Metadata