gmgn-track
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external package gmgn-cli@1.1.0 via the npm registry. This package is provided by the vendor to interact with their API.
- [COMMAND_EXECUTION]: The skill executes the gmgn-cli command with arguments derived from user input (e.g., wallet addresses). This presents a potential command injection surface if the underlying execution environment does not properly sanitize these arguments before shell invocation.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data directly from the blockchain (maker info, token symbols, and tags).
  - Ingestion points: On-chain data fetched via track follow-wallet, track kol, and track smartmoney sub-commands in SKILL.md.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat the CLI output as untrusted external content.
  - Capability inventory: The agent has the capability to execute shell commands via gmgn-cli.
  - Sanitization: There is no evidence of sanitization or validation of the on-chain data before it is returned to the agent's context.
Audit Metadata