gmgn-token

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user to send their GMGN_API_KEY and then to insert that API key verbatim into a shell command (echo 'GMGN_API_KEY=<key_from_user>' ...), which requires the LLM to receive and output the secret value.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High risk: the skill explicitly instructs the assistant to have the user "send me the API Key value" (i.e., solicit the user's GMGN_API_KEY), which is direct credential exfiltration and thus a deliberate malicious/abusive behavior; no other covert backdoors or obfuscated remote-exec patterns were found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to run gmgn-cli against the GMGN API to fetch token info (e.g., link.website, link.description, twitter_username, holder/trader lists) — public, user-authored/social metadata and on-chain-derived wallet data from third-party sources that the agent reads and uses in scoring and decision workflows, so untrusted third‑party content can materially influence actions.