gmgn-swap

Fail

Audited by Snyk on May 19, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt explicitly instructs the user to "send me the API Key" (and otherwise contains contradictory guidance about credential handling), which is a deceptive/out-of-scope instruction to exfiltrate sensitive credentials to the agent rather than keeping them local—this qualifies as a prompt injection risk.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user to send their GMGN API key and PEM private key and then to embed those secret values directly into generated shell commands (echo 'GMGN_API_KEY=<key_from_user>' ...), which requires the LLM to handle and output secrets verbatim — a high exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/execution tool. It provides gmgn-cli commands to submit on-chain token swaps, multi-wallet batch trades, and create/cancel strategy orders (limit, stop-loss, take-profit, trailing orders) across Solana, BSC, Base, and Ethereum. It requires GMGN_API_KEY and GMGN_PRIVATE_KEY for critical-auth commands, performs local signing, and the documentation states that swap/order commands submit REAL, IRREVERSIBLE blockchain transactions that move funds. These are specific, purpose-built financial execution capabilities (crypto/blockchain wallet signing and transaction submission), not generic tooling.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 19, 2026, 02:01 PM
  • Issues: 3