Skills
skills/gmgnai/gmgn-skills/gmgn-track/Gen Agent Trust Hub

gmgn-track

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the gmgn-cli package via NPM. This tool is a vendor-owned resource from GMGNAI required for the skill's primary tracking functions.
  • [COMMAND_EXECUTION]: Executes several system utilities for configuration and troubleshooting, including openssl for cryptographic key generation, ifconfig and ip for network diagnostics, and standard file operations (mkdir, echo, chmod, rm) to manage local environment settings.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (such as token symbols, names, and wallet tags) fetched from the GMGN API, which presents a surface for indirect prompt injection.
  • Ingestion points: Trade records and wallet information returned by the gmgn-cli track commands in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the external data are defined.
  • Capability inventory: The skill executes shell commands and manages local configuration files, which could be targeted if the ingested data is not handled carefully.
  • Sanitization: No explicit sanitization or validation of the content retrieved from the API is performed before presentation or processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:31 AM