gdex-trading

Fail

Audited by Gen Agent Trust Hub on Jun 7, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded shared API keys are present in the configuration and root documentation.
  • Evidence: 9b4e1c73-6a2f-4d88-b5c9-3e7a2f1d6c54 and 2c8f0a91-5d34-4e7b-9a62-f1c3d8e4b705 in src/config/apiKeys.ts and SKILL.md.
  • [COMMAND_EXECUTION]: The skill exposes Model Context Protocol (MCP) tools that accept raw private keys as parameters to execute direct on-chain transactions, creating a significant security risk for the user's secrets.
  • Evidence: The execute_cross_perp and execute_isolated_perp tools in mcp-server/src/tools/directExec.ts request privateKey input from the agent.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by fetching and processing untrusted text data from a social comment system without sanitization or boundary markers.
  • Ingestion points: The getComments function in src/actions/social.ts retrieves user-generated messages.
  • Boundary markers: Absent; data is returned as raw strings.
  • Capability inventory: The skill has extensive write permissions, including buyToken and transferNative in src/actions/spotTrade.ts and src/actions/transfers.ts.
  • Sanitization: No client-side sanitization is performed on comment data before it enters the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 7, 2026, 01:49 AM
Security Audit — agent-trust-hub — gdex-trading