gmgn-track
Fail
Audited by Snyk on May 20, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to paste their GMGN API key and then embed that key (and the private key contents) verbatim into shell commands/config files (echo "GMGN_API_KEY=<key_from_user>" ...), which requires the LLM to handle and output secrets directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is largely legitimate integration docs but explicitly instructs the assistant to request the user's GMGN API key (and to handle a private key for follow-wallet), which amounts to soliciting sensitive credentials and creates a clear credential-exfiltration/backdoor risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill requires using the gmgn-cli to fetch public, user-generated on-chain/trade data from GMGN API endpoints (e.g., GET /v1/trade/follow_wallet, /v1/user/kol, /v1/user/smartmoney as described in SKILL.md) and explicitly instructs the agent to read and analyze fields like maker_info and token metadata to drive trading decisions and follow-up actions, so untrusted third-party content can materially influence agent behavior.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata