Skills
skills/gmx-io/gmx-ai/gmx-liquidity/Gen Agent Trust Hub

gmx-liquidity

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches market data from official GMX infrastructure (gmxinfra.io) and Subsquid (squids.live). These are well-known services for the GMX protocol.
  • [REMOTE_CODE_EXECUTION]: Integrates with the official @gmx-io/sdk Node.js package for retrieving protocol data. This is a trusted vendor-owned resource.
  • [COMMAND_EXECUTION]: Provides instructions for executing on-chain transactions via walletClient.writeContract. This is the intended purpose of the skill and uses standard protocol methods.
  • [PROMPT_INJECTION]: The skill reads structured data from GMX APIs to perform financial transactions. While this represents a surface for indirect prompt injection, the data is sourced from trusted infrastructure. 1. Ingestion points: sdk.markets.getMarketsInfo() and API endpoints. 2. Boundary markers: Not explicitly specified in the markdown. 3. Capability inventory: Contract write access. 4. Sanitization: Relies on structured data and SDK validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 12:44 PM